Don't fall for this


13 replies to this topic

#1 Trikein

Trikein

  • Members
  • 1,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rhode Island, US
  • Local time:10:16 AM

Posted 22 September 2016 - 12:52 PM

Hand-delivered hacking: malicious USBs left in mailboxes

 

I wonder how this would fly on a military base. 





#2 JohnC_21

JohnC_21

  • Members
  • 24,641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:16 AM

Posted 22 September 2016 - 01:05 PM

I wonder if booting a live linux distro then wiping the drive with the dd command would get you a free drive. 



#3 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,422 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:10:16 AM

Posted 22 September 2016 - 01:08 PM

Haven't heard of people dropping them in mail boxes before... interesting tactic. I bet you could get a lot of people plugging them in.

 

> I wonder if booting a live linux distro then wiping the drive with the dd command would get you a free drive.

 

It would clean the drive, though I might be worried about hacked firmware. So probably best to just toss it. Storage is dirt cheap nowadays anyway.

I would plug it up in a virtual environment, just to see what was on it. Probably just some trojan to turn your PC into a bot or something.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#4 Trikein


Posted 22 September 2016 - 01:11 PM

Probably, but not worth the risk IMO. ::edit:: Written as BC Advisor wrote their post.

"Because it affects the firmware of the USB's microcontroller, that attack program would be stored in the rewritable code that controls the USB's basic functions, not in its flash memory—even deleting the entire contents of its storage wouldn't catch the malware."


Edited by Trikein, 22 September 2016 - 01:12 PM.


#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:16 PM

Posted 22 September 2016 - 01:12 PM

You can use a Raspberry Pi to sanitize USB sticks: https://www.circl.lu/projects/CIRCLean/


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 Trikein


Posted 22 September 2016 - 01:18 PM

Useful for backwards engineering, but considering USB flash is so cheap, and such a device is probably expensive, it doesn't seem economical. Also, it wouldn't repair the original drive, just copies the data over from it.



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:16 AM

Posted 22 September 2016 - 02:52 PM

> You can use a Raspberry Pi to sanitize USB sticks: https://www.circl.lu/projects/CIRCLean/


Wow, nice little project they got going there. I really want to try it :P

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 Trikein


Posted 22 September 2016 - 03:19 PM

This form of attack works against a white hat's weakness; morbid curiosity. If I found one of these in my mailbox, I probably would be tempted to create some kind of virtual environment to meddle with it in. My curiosity would accomplish the attacker's primary goal; physical access. Even if the USB had "VIRUS" written on it with bright red marker I am sure someone would attach it to something just to see what it was. Even though it is contradictory, my best advice to anyone getting one of these is to light it on fire.  :flamethrower:


Edited by Trikein, 22 September 2016 - 03:20 PM.


#9 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:02:16 AM

Posted 22 September 2016 - 05:32 PM

I live in a country town, we never get cool free stuff like USB sticks in the mail.



#10 Didier Stevens


Posted 23 September 2016 - 08:35 AM

> Useful for backwards engineering, but considering USB flash is so cheap, and such a device is probably expensive, it doesn't seem economical. Also, it wouldn't repair the original drive, just copies the data over from it.

 

No, not expensive, Raspberry Pi is cheap.

 

And yes, that's the goal of the project: sanitize by making a filtered copy.




#11 Didier Stevens


Posted 23 September 2016 - 08:37 AM

> This form of attack works against a white hat's weakness; morbid curiosity. If I found one of these in my mailbox, I probably would be tempted to create some kind of virtual environment to meddle with it in. My curiosity would accomplish the attacker's primary goal; physical access. Even if the USB had "VIRUS" written on it with bright red marker I am sure someone would attach it to something just to see what it was. Even though it is contradictory, my best advice to anyone getting one of these is to light it on fire. :flamethrower:

 

Burning plastic & electronics produces toxic waste.


Edited by Didier Stevens, 23 September 2016 - 08:38 AM.



#12 Trikein


Posted 23 September 2016 - 09:09 AM

Doesn't all fire produce toxic waste? But if you prefer, hit it with a very large hammer.  :smash:



#13 Didier Stevens


Posted 27 September 2016 - 02:37 PM

FYI: not all fire produces toxic waste. For example, burning hydrogen gas produces water.




#14 Gorbulan

Gorbulan

  • Members
  • 832 posts
  • OFFLINE
  •  
  • Local time:08:16 AM

Posted 27 September 2016 - 02:44 PM

> Doesn't all fire produce toxic waste? But if you prefer, hit it with a very large hammer. :smash:

 

That still produces toxic waste. Better to vaporize it with a Phaser. 





