Cloud Network Hunting note: "Look, the villain! He plugs a secret device into a computer, a progress bar appears on the screen, and when it reaches 100% the device has automatically completed its task of stealing information." Scenes like this often appear in spy movies. Now Samy Kamkar has developed a "USB necklace" that can turn this into reality just 60 seconds after it is inserted into the target computer.
Samy Kamkar is a legend in the hacker community. The Samy worm he developed infected more than 1 million MySpace accounts in 2006; SkyJack, which he developed in 2013, is a hacking device that can hijack unmanned aerial vehicles (UAVs) over their wireless network and bring them under his own control. Now Samy Kamkar is at it again: he has released a video on the Internet demonstrating a "USB necklace" called USBdriveby.
The USBdriveby necklace exploits vulnerabilities inherent in the computer's USB interface. After it is inserted into the computer, it needs only 60 seconds to break in automatically and obtain the user's details. It works as follows:
Step 1, disguise: after the USBdriveby necklace is inserted into the USB interface, the computer identifies it as a keyboard or mouse;
Step 2, turn off the firewall: through a series of keyboard inputs, the USBdriveby necklace automatically shuts down the firewall; it can also turn off the firewall built into Apple's OS X;
Step 3, tamper with DNS: the USBdriveby necklace modifies the computer's DNS settings, so that the hacker controls the computer's access and any website the user visits leads directly to a page preset by the hacker;
Step 4, open a system back door: once these operations are complete, the USBdriveby necklace can set up an outbound connection between the user's computer and a remote computer, connecting onward to a server predefined by the hacker;
Step 5, remove traces: finally, the USBdriveby necklace automatically closes all the windows it opened, removing its traces so that it goes unnoticed.
Imagine: in 30 to 60 seconds, a device sneaks into your computer, turns off the firewall, clears the run records, and at the same time establishes remote operation of the machine, and the control cannot be eliminated even after the device is removed. It's terrible!
The video Samy Kamkar released mainly shows an intrusion designed for Apple's OS X, but the approach is not limited to Apple's platform; it can easily be extended to Windows and Unix operating systems.
How can you defend against this? In fact, there is no effective method, because USB peripherals can easily become BadUSB vulnerabilities and a major source of computer intrusions. There are, however, a number of ways to compensate, such as: implementing a USB usage agreement among the hundreds of millions of computer users; not adding other USB devices; and not leaving the computer's ports exposed to the public eye when you are out, so as to avoid being hacked.
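The five steps above leave a recognizable sequence behind: a new keyboard appears, and within the article's 60-second window the firewall goes off, DNS changes and an outbound connection opens. The following detection sketch is an added example, not code from Samy Kamkar or from the original article; the event format, field names and sample events are assumptions constructed for illustration.

```python
# Added example: correlate a new USB keyboard with the changes the article lists.
# The Event format and its field names are assumptions made for this sketch.
from dataclasses import dataclass

WINDOW_SECONDS = 60  # the article's figure for the whole sequence
FOLLOW_ON = {"firewall_disabled", "dns_changed", "outbound_connection"}

@dataclass
class Event:
    ts: int      # seconds since an arbitrary start
    kind: str    # "usb_attach" or one of FOLLOW_ON
    detail: str  # device class, new DNS server, remote address, ...

def find_suspect_attachments(events, window=WINDOW_SECONDS, min_changes=2):
    """Return (attach_event, sorted change kinds) for each HID keyboard
    attachment followed by at least min_changes distinct follow-on changes."""
    events = sorted(events, key=lambda e: e.ts)
    alerts = []
    for i, ev in enumerate(events):
        if ev.kind != "usb_attach" or "keyboard" not in ev.detail.lower():
            continue
        seen = set()
        for later in events[i + 1:]:
            if later.ts - ev.ts > window:
                break  # events are sorted, so nothing later can match
            if later.kind in FOLLOW_ON:
                seen.add(later.kind)
        if len(seen) >= min_changes:
            alerts.append((ev, sorted(seen)))
    return alerts

# Constructed sample events (not captured from a real host).
SAMPLE = [
    Event(0, "usb_attach", "HID keyboard"),
    Event(12, "firewall_disabled", "application firewall off"),
    Event(25, "dns_changed", "192.0.2.53"),
    Event(41, "outbound_connection", "198.51.100.7:443"),
    Event(500, "usb_attach", "mass storage"),
    Event(510, "dns_changed", "192.0.2.1"),
    Event(900, "usb_attach", "HID keyboard"),
    Event(1000, "firewall_disabled", "application firewall off"),
]

if __name__ == "__main__":
    for attach, changes in find_suspect_attachments(SAMPLE):
        print(f"t={attach.ts}s {attach.detail}: {', '.join(changes)}")
```

Requiring two distinct changes keeps a routine keyboard swap followed by one unrelated settings change from raising an alert.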