This USB drive is unique in that it uses U3 technology. That's what allows it to come bundled with software that starts automatically when you plug it into your Windows computer. With other USB drives this doesn't work becuase autorun isn't enabled by default. However it is enabled for CD-ROM drives. The U3 technology in this USB drive makes it look like both a regular USB drive, and a CD-ROM.
This hack, dubbed the USB Switchblade, takes advantage of that technology. By flashing this drive with custom software one is able to create a quite nifty hacking tool which, among other things, can:
Grab password hashes
LSA secrets (saved form data and passwords)
IP Information
Internet Explorer Passwords
IM client passwords
FireFox Passwords
Windows Update Lister
Running Processes
As well as creating backdoors using both integrated Windows accounts and invisible VNC (remote-access) installations.
There is a boat load of development on this project so this only scratches the surface. It can even be used for good -- there's a payload specifically designed for forensics investigators!
A video and additional material can be found at www.hak5.org/usb-switchblade
Discussion about
Hack to instantly and silently steal passwords, create back doors and more!
Which is why I disable autorun across the board. And I never let other people play with my main machines.
Really guys, this isn't some kind of weapon. It's just important to illustrate some of the things that might autorun when you plug a USB stick into your computer. These three steps will stop most potential attacks from this:
1. You should always keep your OS and applications up to date - most of these attacks run against vulnerabilities that have already been closed in the latest versions.
2. Always run an antivirus (a decent antivirus would prevent many things).
3. Have two accounts on your personal computer, an administrative one you use rarely, and a low-privilege user account for your everyday stuff.
1. You should always keep your OS and applications up to date - most of these attacks run against vulnerabilities that have already been closed in the latest versions.
2. Always run an antivirus (a decent antivirus would prevent many things).
3. Have two accounts on your personal computer, an administrative one you use rarely, and a low-privilege user account for your everyday stuff.
The autorun is just one of many ways to initiate these attacks. Drive-by downloads, phishing, trojans, unauthorized local accesss, etc. etc. Disabling autorun is not a bad idea, but I recommend "defense in depth" :)
This post has been removed.
You can temporarily disable autorun by holding down shift while inserting the drive.
For those interested here is the Microsoft KB article on disabling autorun
support.microsoft.com/kb/967715
For those interested here is the Microsoft KB article on disabling autorun
support.microsoft.com/kb/967715
