Elie Bursztein shared an experiment he did during the recent Black HAT USA conference. Elie’s research entailed a lost 297-USB-drive. It took place at the University of Illinois, Urbana- Champaign Campus.
The 297-USB-drive he dropped on purpose had phone-home capabilities. Elie talked about how a hacker could make a malicious USB disk with a tiny development board. Then he could plug it into a computer and do the damage. Bursztein said that almost half of the people who found their USB drive plugged it into their PC.
The researchers dropped their drives in six campus areas. These researchers came from the University of Michigan. Others were from Google and the University of Illinois, Urbana-Champaign. People picked Forty-eight percent of disks across campus. They also plugged them into computers. Then they clicked on the files.
In just one hour of dropping the USB drives, 20 percent connections had occurred. On average, it took a person seven hours to access the HTML file. Bursztein and fellow researchers made sure the gadgets were clean. They did not trap them with a remote access tool.
They kept files with spring break pictures and final exam labels. When the user clicked on the HTML file twice, an email connection to the survey took place.
Sixty-eight percent of people clicked on files to determine the owner of the USB disk. 8 per cent did it out of curiosity. This study occurred in 2015 and was successful.
Research went on
Bursztein went on to show how an attacker could make a malicious USB disk. He could use the Human Interface Device. This HID device would let the attacker access and control an internet-enabled Mac or PC.
A Teensy 3.2 development board is necessary. Also, the attacker needs silicon, resin, and a connector. Bursztein made a malicious drive worth 40 dollars.
To avoid firewall detection, Bursztein used a scripting language to create outbound links. He had to reach his goal in three phases. First, the OS had to accept the key and USB driver had to load.
Second, he had to use USB fingerprinting to establish the commands to run. Third, he had to do a reverse shell command. The whole process was complicated and entailed many tests.
Image from Pixabay