Hacking with USB keyboard emulators
It's common knowledge that, due to the risk of infection, caution needs to be exercised when connecting USB flash drives to a PC. What's not so well known is that modified USB devices can also pose as keyboards and immediately pass keystrokes to a victim's system.
Depending on the operating system, just a few emulated keystrokes can be enough to sabotage or infect a system – mouse emulation is also possible. In contrast to USB flash drives, when a keyboard is connected the operating system will not usually display a window requesting permission to use the device. A user may not even be aware that a modified USB device posing as a human interface device (HID) has been connected to his or her system. Under Windows a pop-up window is briefly displayed, but under Linux only a glance at the logs will reveal that this has occurred.
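The following is an added example, not part of the original article: a small Python check that picks newly registered USB keyboard and mouse interfaces out of Linux kernel log text and reports any whose vendor:product ID is not on a list of expected devices. The log lines are constructed and modelled on the usual `hid-generic` driver message (exact wording can differ between kernel versions), and the IDs, device names and the `known` allowlist are hypothetical placeholders.

```python
import re

# Constructed kernel-log excerpt; all IDs, names and ports are made-up placeholders.
SAMPLE_LOG = """\
[    2.310] hid-generic 0003:AAAA:0001.0001: input,hidraw0: USB HID v1.10 Keyboard [Constructed Desk Keyboard] on usb-0000:00:14.0-1/input0
[  101.210] usb 1-1.2: New USB device found, idVendor=bbbb, idProduct=0002
[  101.220] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[  250.510] usb 1-1.3: New USB device found, idVendor=1234, idProduct=abcd
[  250.530] hid-generic 0003:1234:ABCD.0004: input,hidraw2: USB HID v1.11 Keyboard [Constructed Gadget] on usb-0000:00:1d.0-1.3/input0
[  250.540] hid-generic 0003:1234:ABCD.0005: input,hidraw3: USB HID v1.11 Mouse [Constructed Gadget] on usb-0000:00:1d.0-1.3/input1
"""

# Bus type 0003 is USB; the driver announces each HID interface as Keyboard or Mouse.
HID_RE = re.compile(
    r"\[\s*(?P<ts>[\d.]+)\]\s+\S+ 0003:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.\w+: "
    r"input(?:,\w+)*: USB HID v[\d.]+ (?P<kind>Keyboard|Mouse) "
    r"\[(?P<name>[^\]]*)\] on (?P<port>\S+)/input\d+"
)


def unexpected_hid_devices(log_text, known=frozenset()):
    """Return {usb_port: record} for keyboard/mouse interfaces whose
    (vid, pid) pair is not in `known`. Interfaces are grouped per port so a
    single device exposing both keyboard and mouse shows up as one record."""
    found = {}
    for line in log_text.splitlines():
        m = HID_RE.search(line)
        if not m:
            continue  # storage devices and generic USB messages are ignored
        ident = (m["vid"].lower(), m["pid"].lower())
        if ident in known:
            continue
        rec = found.setdefault(m["port"], {
            "id": "%s:%s" % ident,
            "name": m["name"],
            "first_seen": float(m["ts"]),
            "kinds": set(),
        })
        rec["kinds"].add(m["kind"])
    return found


if __name__ == "__main__":
    expected = {("aaaa", "0001")}  # hypothetical allowlist of the machine's own keyboard
    for port, rec in unexpected_hid_devices(SAMPLE_LOG, expected).items():
        print("%8.3f  %s  %s  %s  %s" % (rec["first_seen"], port, rec["id"],
                                         "+".join(sorted(rec["kinds"])), rec["name"]))
```

On a live system the same function can be fed the kernel log text in place of `SAMPLE_LOG`; a device that appears well after boot and presents both a keyboard and a mouse interface is worth a closer look.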
Until recently, hackers were using micro-controller boards with USB support, such as the Teensy USB Development Board, for such attacks. This kind of hardware has been used to hack the PS3, for example. At the recent Black Hat Conference, however, security specialists Angelos Stavrou and Zhaohui Wang presented a talk on how to hack PCs without the aid of specialist hardware. By applying a simple modification to the USB stack on an Android mobile, they were able to make it pose as a keyboard when connected to a computer.
Stavrou and Wang have not so far made their software publicly available. However, toolkits for programming and loading the Teensy board with special payloads have been around for a while. The Social Engineering Toolkit, for example, works in combination with the Metasploit exploit framework to open a shell on the target system which can be accessed via a local network.
The idea of using crafted USB devices originally arose some years ago as a joke. A prank gadget, available as the Phantom Keystroker, is designed to drive colleagues or partners mad by emulating keystrokes and mouse movements. ThinkGeek, the company behind the Phantom, is keen to emphasise that version 2.0 of the device never actuates the left mouse button or the enter key, ensuring that it can't cause any actual damage.