£13 'USBdriveby' attack: For the hacker on a budget

A $20 (£13) USB microcontroller comes loaded with code which can install a backdoor on a target machine in a few seconds and hand control of it to the attacker.

Developed by Samy Kamkar, who has been working on the new project for some time, it uses code that can emulate the keyboard and the mouse and evade the security protections such as local firewalls.

Named the USBdriveby attack, Kamkar devised is somewhat similar to the work done by Karsten Nohl and Jacob Lell on the BadUSB attack, but said that their attack is much more sophisticated but in both cases, the attack takes advantage of the trust that computers have in any USB device that’s inserted.

Kamkar’s USBdriveby attack can be executed in a matter of seconds and would be quite difficult for a typical user to detect once it’s executed. In a demo video, Kamkar runs the attack on OS X, but he said the code, which he’s released on GitHub, can be modified easily to run on Windows or Linux machine. The attack inserts a backdoor on the target machine and also overwrites the DNS settings so that the attacker can then spoof various destinations, such as Facebook or an online banking site, and collect usernames and passwords.

Published under license from ITsecurityguru.org. All rights reserved.