When setting up complex security, there are many recommendations, the need to implement them depends on the level of your paranoia and the threats which you would like to protect yourself from. We will consider one of such recommendations today. I will neither advise doing it nor discourage from it, I’ll just tell you about it as it is.
I previously wrote about the attack BadUSB. This is a very dangerous attack when a device connected via USB port begins to pretend to be another. For example, a USB flash drive pretends to a computer as a keyboard and gets all the rights of the keyboard.
Similar devices you can buy on the darknet forums and on AliExpress. Here is an example of such a product, I myself have not experienced it, but I will trust the reviews and description.
As you understand, you can control the device remotely by sending keystrokes to the target computer. At first glance, this may seem like nothing more than a funny toy, but everything changes when we remember the hotkeys.
Hotkeys allow you to launch and manage various applications by pressing keyboard shortcuts. For example, thanks to the hotkeys, you can start the terminal and execute the necessary commands in it.
So, the attacker inserts this flash drive into the victim's computer, the computer perceives it as a keyboard. Then, using the hotkeys, the attacker launches the terminal / console.
For example, in macOS, you can run a combination of command + space, then enter "terminal" and Windows’ users can start the console with the key combination Win + r, then type cmd and press.
Terminal / console / command line is a tool for managing a computer using commands. After launching a terminal / console, before an attacker, even without administrator rights, there are plenty of opportunities, for example, copying files from a computer and sending them to the server or simply deleting them.
Windows’ users can enter the command shutdown -r -t 0, and the computer will restart in an emergency basis. From the terminal / console, you can control the settings, for example, disable the real mouse and keyboard, this will make it harder for the victim to attempt to stop the process.
By the way, the remote control of the inserted flash drive in this case is an interesting, but not mandatory option. If the hotkeys on the device are set by default and are known, you can write commands and play them on the victim’s computer when the device is connected and without remote access.
The situation is complicated by the simplicity of writing such commands, even a novice hacker will be able to cope with this task, if he has some savvy and patience.
The recipe for protection against this attack is simple, i.e. change the standard hotkeys or disable them altogether if you do not need to use them.
In macOS, you can disable hotkeys by going to System Settings> Keyboard> Keyboard Shortcuts.
In Windows 10: Settings> Time and language> Region and language> Advanced date and time settings, regional settings> Language> Additional settings> Change language bar shortcut.
In Linux Mint: System Settings> Keyboard> Keyboard Shortcuts.
I do not show in detail how to change and disable hotkeys, because I believe that you can deal with this issue. And if you can't, DuckDuckGo will help you.
Standard methods of protection against attacks via USB, which we offer in the course, will involve hardware and software protection of USB ports or their disconnection. They will also effectively protect you from such an attack.
PLEASE, if you like our materials, subscribe to our YouTube channel .
This is very important for the existence of the project.