Beware USB devices

The #1 community for Gun Owners of the Northeast

Member Benefits:

  • No ad networks!
  • Discuss all aspects of firearm ownership
  • Discuss anti-gun legislation
  • Buy, sell, and trade in the classified section
  • Chat with Local gun shops, ranges, trainers & other businesses
  • Discover free outdoor shooting areas
  • View up to date on firearm-related events
  • Share photos & video with other members
  • ...and so much more!
  • Alphabrew

    Binary male Lesbian
    MDS Supporter
    Jan 27, 2013
    40,749
    Woodbine
    This video shows how to hack a USB device so that it can be used to gain access to a target machine. Scary!

    [YT]VTTLjtLaESo&t=1057s[/YT]
     

    woodline

    Ultimate Member
    MDS Supporter
    Jan 8, 2017
    1,947
    When conducting Pen Testing of a facility, one of the lowest energy methods to get access is to seed the area with dorked USB Drives. Bathroom, waiting room, coffee shop downstairs, etc. Nothing is 100%, but it is pretty common for an employee to find one and do all the hard work for you.
     

    BeoBill

    Crank in the Third Row
    MDS Supporter
    Oct 3, 2013
    27,064
    南馬里蘭州鮑伊
    This video shows how to hack a USB device so that it can be used to gain access to a target machine. Scary!

    [YT]VTTLjtLaESo&t=1057s[/YT]

    This was old news in 2000. It's possible to harvest keystrokes from the next building.
    When conducting Pen Testing of a facility, one of the lowest energy methods to get access is to seed the area with dorked USB Drives. Bathroom, waiting room, coffee shop downstairs, etc. Nothing is 100%, but it is pretty common for an employee to find one and do all the hard work for you.

    It's even easier to just wander around during break and lunch time and sit down at the PC that "the little old lady in tennis shoes" left wide open.

    The paranoids ARE out to get us.
     

    Occam

    Not Even ONE Indictment
    MDS Supporter
    Feb 24, 2018
    20,239
    Montgomery County
    I have a client that would rather I bring a rattlesnake covered in poison ivy oil salted with leprosy crumbs than introduce a single usb thumb drive into the same zip code as any one of their employees.
     

    Derek1320

    Active Member
    Nov 10, 2009
    791
    I have a client that would rather I bring a rattlesnake covered in poison ivy oil salted with leprosy crumbs than introduce a single usb thumb drive into the same zip code as any one of their employees.

    This is like my organization. Big time no no. We run Crowdstrike's aggressive policy on all endpoints so USB storage is disabled on every machine by default, but just pulling out a USB drive will get you looked at sideways.

    Our marketing dept tried to hand out branded USBs a few years ago and our CIO was like "Are you Fing kidding me?" Needless to say, they're all in a box in storage.
     

    Glaron

    Camp pureblood 13R
    BANNED!!!
    MDS Supporter
    Mar 20, 2013
    12,752
    Virginia
    This video shows how to hack a USB device so that it can be used to gain access to a target machine. Scary

    When conducting Pen Testing of a facility, one of the lowest energy methods to get access is to seed the area with dorked USB Drives. Bathroom, waiting room, coffee shop downstairs, etc. Nothing is 100%, but it is pretty common for an employee to find one and do all the hard work for you.

    yep, I remember a report about a bank test. They scattered USB drives in the parking lot. Eventually an employee breached the bank for them.
    Yes, USB are forbidden in secure environments. ;)
     

    JB62

    Ultimate Member
    Mar 5, 2013
    1,498
    Annapolis
    Yep, our work has disabled all computers from using them unless they are a specific brand that has a unique token to activate. They have locked down our external devices so we can no longer print from home either unless it is a company provided printer which are rarer than hens teeth and god forbid you sent too much stuff to personal email so you can print. You will quickly get a not so happy email or phone call.
     

    TexasBob

    Another day in Paradise
    MDS Supporter
    Oct 25, 2012
    2,485
    Space Coast
    USB hacking has been a thing for a long time, There was a little experiment ran by one of those 3 letter agencies many years ago where they would leave USB drives around Government and Collage/University's driveways, parking lots and offices to see how many people would just plug them into laptop/desktops. The Experiment show people are dumb and it was very easy to get control of everyday peoples systems, capture passwords, credit cards, bank accounts. A good example of how easy to get people to give you access to there computer was H&R Block they mailed out cheap USB's to thousands of people telling them they can get free TAX software and the sheep plugged them straight into the same computer they login Amazon, Bank account, book airlines etc. It was a good thing there wasn't anything bad on those USB drives.

    Back in the day one of my jobs was to disable USB ports on computers and full them with hot glue.:cool:
     
    Last edited:

    Alphabrew

    Binary male Lesbian
    MDS Supporter
    Jan 27, 2013
    40,749
    Woodbine
    Got myself a Rubber Ducky and have been playing around with it. Wrote a harmless script that ran perfectly on my work computer, lol

    ETA:

    Used this site to write and compile the script to the Rubber Ducky, was really easy:

    https://ducktoolkit.com/
     

    Attachments

    • 6F24DF62-8F27-41F1-8AAE-A428F20E0347.jpg
      6F24DF62-8F27-41F1-8AAE-A428F20E0347.jpg
      65.8 KB · Views: 458
    • 8EA9C99E-3930-4310-B3FC-9FFFFCDFF1B0.jpg
      8EA9C99E-3930-4310-B3FC-9FFFFCDFF1B0.jpg
      35.2 KB · Views: 462

    Alphabrew

    Binary male Lesbian
    MDS Supporter
    Jan 27, 2013
    40,749
    Woodbine
    Peep my new toy. It’s a key logger that I got to play around with. It generates a WiFi signal in which the keystrokes can be obtained from. Can’t wait to test it out just for giggles. It’s always good to be aware of what’s out there!
     

    Attachments

    • 0A607D99-B9A4-48F7-B094-B8EB7142D854.jpg
      0A607D99-B9A4-48F7-B094-B8EB7142D854.jpg
      45.3 KB · Views: 376

    Alphabrew

    Binary male Lesbian
    MDS Supporter
    Jan 27, 2013
    40,749
    Woodbine
    I also got a malduino which is a sexed up version of a rubber ducky
     

    Attachments

    • D3484C53-A5D8-4491-81A6-B46537F39A40.jpg
      D3484C53-A5D8-4491-81A6-B46537F39A40.jpg
      68.3 KB · Views: 333

    JohnnyE

    Ultimate Member
    MDS Supporter
    Jan 18, 2013
    9,466
    MoCo
    Nuts. This thread just made me realize I have a vulnerability in my system, and it's the bluetooth keyboard I use.

    I think I may still use it for typing in mundane things, but when it comes to entering passwords, account info, and other PII, I'll use the keyboard on the laptop itself.

    Even though bluetooth range isn't much, and my neighbors homes should be far enough away, why take the chance.
     

    Users who are viewing this thread

    Latest posts

    Forum statistics

    Threads
    274,934
    Messages
    7,259,557
    Members
    33,350
    Latest member
    Rotorboater

    Latest threads

    Top Bottom