USBdriveby, how to compromise a PC with a $20 microcontroller

USBdriveby is a device designed to quickly and covertly install a backdoor and override DNS settings on an unlocked machine via USB.

The security experts Samy Kamkar (@SamyKamkar) has proposed a very interesting way to compromise an unlocked computer and deploy a backdoor on it simply by using a pre-programmed Teensy microcontroller.

The cheap ($20) pre-programmed Teensy microcontroller, dubbed USBdriveby, emulates a generic USB peripheral, like a keyboard or a mouse, when plugged into a machine.

The pre-programmed Teensy microcontroller misuses the trust computers usually give USB devices to execute malicious applications that are used to compromise the machine.

“Specifically, when you normally plug in a mouse or keyboard into a machine, no authorization is required to begin using them. The devices can simply begin typing and clicking. We exploit this fact by sending arbitrary keystrokes meant to launch specific applications (via Spotlight/Alfred/Quicksilver), permanently evade a local firewall (Little Snitch), install a reverse shell in crontab, and even modify DNS settings without any additional permissions.” explains Kamkar.

The applications launched by the USBdriveby are able to evade the local defense, like firewall or IDS, install a reverse shell in crontab and modify DNS settings. without any additional permissions and without the machine detecting and blocking its actions.

The technical details about the creation of the USBdriveby tool are available on the official project’s page.

“USBdriveby is a device you stylishly wear around your neck which can quickly and covertly install a backdoor and override DNS settings on an unlocked machine via USB in a matter of seconds. It does this by emulating a keyboard and mouse, blindly typing controlled commands, flailing the mouse pointer around and weaponizing mouse clicks.

In this project, we’ll learn how to exploit a system’s blind trust in USB devices, and learn how a $20 Teensy microcontroller can evade various security settings on a real system, open a permanent backdoor, disable a firewall, control the flow of network traffic, and all within a few seconds and permanently, even after the device has been removed.” states the official page of the project.

The USBdriveby attack is very insidious because it doesn’t request any additional permissions to run applications and without the target machine is able to detect any suspicious activity. Kamkar demonstrated that the USBdriveby works on Apple OS X systems, but the researcher confirmed that the attack can be easily modified to compromise Windows and Unix/Linux machines.

Kamkar explained that the USBdriveby could be easily ported on Arduino microcontrollers instead Teensy microcontrollers.

The experiment made Some Arduino microcontrollers can be also be used instead of a Teensy.

Below a Video POC of the USBdriveby attack:

If you are interested to proof the concept of hacking via USB, give a look to the BadUSB project, designed by Karsten Nohl and the srlabs team..

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – USBdriveby, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.