
In what ways can my laptop be compromised in an IT environment?


6 replies to this topic

#1 TheRedMeanie


  • Members
  • 4 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:57 AM

Posted 27 March 2018 - 11:40 AM

Hi, I recently got employed in a big IT company. For a short while, I'll be using my personal laptop in there for learning purposes because the work computers have too many restrictions that hinder the learning process.

 

I'm wondering in what ways my laptop running Windows 10 can get infected? Here's the scenario, I'll leave my laptop locked when unattended. I'll be using my own hotspot network that only I have access to, so no local MITM from someone at work. I'm very educated about phishing emails, so that's unlikely to work. 

 

There might be many vectors I'm missing, please do mention them. The one thing I'm worried about is those USB drives with compromised firmware. Would they work even if my Windows 10 laptop is locked when attached? If yes, in what ways can I mitigate that? Any suggestion would be appreciated, thanks.

 




 


#2 mikey11


  • Members
  • 1,194 posts
  • OFFLINE
  • Gender:Male
  • Location:Psychiatric Ward @ Beelitz-Heilstatten Hospital, Beelitz, Germany
  • Local time:08:27 PM

Posted 27 March 2018 - 12:22 PM

I think you're worrying way too much.



#3 Didier Stevens


  • BC Advisor
  • 2,638 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:27 PM

Posted 27 March 2018 - 12:44 PM

If you really think someone will try to compromise your laptop like this, while it's left unattended in a secured office, you can mitigate it as follows: shut down your laptop, remove the battery and the power supply.

 

But then that same attacker can take out the hard disk and tamper with it, assuming it is not encrypted.

 

I would not worry about this, but it's up to you to decide if you need to worry about this.

 

It's not because some attacks are feasible that someone is actually willing to take the time and spend the resources to perpetrate the attack against you.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 TheRedMeanie

  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:57 AM

Posted 27 March 2018 - 01:18 PM

If you really think someone will try to compromise your laptop like this, while it's left unattended in a secured office, you can mitigate it as follows: shut down your laptop, remove the battery and the power supply.

 

But then that same attacker can take out the hard disk and tamper with it, assuming it is not encrypted.

 

I would not worry about this, but it's up to you to decide if you need to worry about this.

 

It's not because some attacks are feasible that someone is actually willing to take the time and spend the resources to perpetrate the attack against you.

 

I'm not worried about someone opening up my laptop, but there are attack vectors, as I've mentioned, that simply require inserting a USB device. This is far more likely for the attacker to perform than opening up my laptop, which will obviously take a lot of time.

 

I am NOT worried about the vectors that take time, laptop hardware tinkering, dedication & talent. But there are a few vectors that don't require a lot of time & hardware tinkering. I'm simply worried about them. My laptop is encrypted, by the way. Since this is a security forum, I would love to know the different attack vectors rather than the generic "Keep your PC off when not using it", because that just might be too extreme for an attack vector that's the easiest to perform & more likely for an attacker to choose. I have to know the risks too.


Edited by TheRedMeanie, 27 March 2018 - 01:19 PM.


#5 Didier Stevens


  • BC Advisor
  • 2,638 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:27 PM

Posted 27 March 2018 - 01:53 PM

Depending on the laptop, it can be trivial to open and remove the hard disk, even without tools like a screwdriver. I've removed hard disks from laptops in less than 5 seconds, because they were designed for easy maintenance.

 

If you leave your locked (Windows) laptop powered on, then USB devices can be inserted and interact because they get power. If you shut down your laptop and remove all power, then a USB device cannot be powered up. That's why I said you can mitigate such attacks by powering down your laptop and preventing the attacker from powering it up.

 

You're most likely referring to BadUSB. That requires some hardware tinkering.

 

An attack that does not require hardware tinkering or skills is credential harvesting with Responder & a Bash Bunny, for example. https://blog.didierstevens.com/2017/04/06/quickpost-using-my-bash-bunny-to-snag-creds-from-a-locked-machine/

As you can see in the video I made, it takes about 20 seconds.

But like I wrote, this attack requires resources: your attacker needs to obtain a Bash Bunny or similar device.

 

Another way to mitigate credential harvesting via USB network devices is to disable support for these devices. But that too might not be practical if you use similar devices yourself.


Edited by Didier Stevens, 27 March 2018 - 01:54 PM.

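The last mitigation above (disabling support for USB network devices so a plugged-in gadget cannot present itself as a network adapter) can be scripted on Windows 10. The following PowerShell is an added example written for this thread, not Didier Stevens' code and not from the linked blog post. It assumes an elevated session, the built-in PnpDevice module, and the registry path behind the Group Policy setting "Prevent installation of devices using drivers that match these device setup classes"; the function names are made up for the example. It lists USB-attached network adapters, disables any that are present, and blocks installation of new devices in the Net setup class while leaving already-installed adapters (the internal Wi-Fi used for the hotspot) untouched.

```powershell
#Requires -RunAsAdministrator
# Added example for this thread (not code from the original posts).
# Assumes Windows 10, the PnpDevice module and the standard DeviceInstall
# restrictions policy path; function names are hypothetical.

# Plug and Play setup class GUID for network adapters ("Net").
$NetClassGuid = '{4d36e972-e325-11ce-bfc1-08002be10318}'
$PolicyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

function Get-UsbNetworkAdapter {
    # Network-class devices enumerated on the USB bus. Internal Wi-Fi and
    # Ethernet sit under PCI\... and are not returned.
    Get-PnpDevice -Class Net -ErrorAction SilentlyContinue |
        Where-Object { $_.InstanceId -like 'USB\*' } |
        Select-Object FriendlyName, InstanceId, Status
}

function Disable-UsbNetworkAdapter {
    # Disable every USB network adapter currently present (supports -WhatIf).
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($dev in Get-UsbNetworkAdapter) {
        if ($PSCmdlet.ShouldProcess($dev.FriendlyName, 'Disable-PnpDevice')) {
            Disable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false
        }
    }
}

function Set-UsbNetworkInstallBlock {
    # Forbid installation of *new* Net-class devices. Existing adapters keep
    # working because DenyDeviceClassesRetroactive stays 0. Caveat from the
    # thread: a USB Wi-Fi or Ethernet dongle you plug in yourself is blocked too.
    param([switch] $Remove)

    $listPath = Join-Path $PolicyPath 'DenyDeviceClasses'
    if ($Remove) {
        if (Test-Path $PolicyPath) {
            Remove-ItemProperty -Path $PolicyPath -Name 'DenyDeviceClasses' -ErrorAction SilentlyContinue
            Remove-Item -Path $listPath -Recurse -ErrorAction SilentlyContinue
        }
        return
    }
    New-Item -Path $listPath -Force | Out-Null
    New-ItemProperty -Path $PolicyPath -Name 'DenyDeviceClasses' -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $PolicyPath -Name 'DenyDeviceClassesRetroactive' -PropertyType DWord -Value 0 -Force | Out-Null
    New-ItemProperty -Path $listPath -Name '1' -PropertyType String -Value $NetClassGuid -Force | Out-Null
}

function Test-UsbNetworkInstallBlock {
    # $true when the policy is enabled and the Net class GUID is on the deny list.
    $listPath = Join-Path $PolicyPath 'DenyDeviceClasses'
    if (-not (Test-Path $listPath)) { return $false }
    $enabled = (Get-ItemProperty -Path $PolicyPath -Name 'DenyDeviceClasses' -ErrorAction SilentlyContinue).DenyDeviceClasses
    $guids = (Get-ItemProperty -Path $listPath).PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } |
        ForEach-Object { $_.Value }
    return ($enabled -eq 1) -and ($guids -contains $NetClassGuid)
}

# Usage: audit first, rehearse the disable, then apply and verify the policy.
Get-UsbNetworkAdapter | Format-Table -AutoSize
Disable-UsbNetworkAdapter -WhatIf
Set-UsbNetworkInstallBlock
Test-UsbNetworkInstallBlock
```

Run `Set-UsbNetworkInstallBlock -Remove` to lift the block again. The policy only stops new installs; an adapter that was installed before the block remains usable until it is disabled, which is why the audit and the disable step are kept separate from the policy.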


#6 STS-1


  • Members
  • 39 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:27 PM

Posted 27 March 2018 - 04:36 PM

The first rule of thumb in security is that if they have physical access to the device, it is only a matter of time.... The best way to protect yourself is to never let anyone have physical access to the device :)



#7 britechguy


    Been there, done that, got the T-shirt


  • Moderator
  • 6,796 posts
  • ONLINE
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:27 PM

Posted 27 March 2018 - 05:47 PM

It amazes me how little most people understand about making accurate risk assessments.

 

Worrying about things very remotely possible, rather than focusing on securing against the commonly probable, is completely, utterly backwards.

 

I've said it before and I'll say it again: Very few infections/compromises "sneak on" to a computer without any user action. Most are invited in by direct user action.

 

Worrying about random coworkers running around in most office settings to spread infections via USB is so improbable as to not warrant consideration. Sure, it will occur at some time, somewhere, but there's a woman who was hit by space junk (and is the only human confirmed to have had this happen) and it's about that probable.

 

And STS-1's observation is 100% accurate. Controlling physical access to a device is the first line of defense. But one should be able to have a computer be perfectly fine without it being hermetically sealed against human contact. Most people are not bad actors.


Edited by britechguy, 27 March 2018 - 05:49 PM.

Brian AKA Bri the Tech Guy (my website address is in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

Here is a test to find out whether your mission in life is complete. If you're alive, it isn't.
~ Lauren Bacall

 




