The new threat
Programmable embedded devices have the capability of being detected as a HID device , just like a keyboard or mouse. So if you have physical access and a minute alone you can compromise a system with something the size of your thumb. The possibilities are endless, HTTP/FTP download, injecting binaries into debug or Powershell etc.. Also this device is cross platform which means Windows,Linux,UNIX and Apple are all vulnerable.
Here’s an example project we made for a Windows7 box that adds a new Admin user to the system and hides that user from the logon screen. the whole process takes about 16 seconds , with most of the time taken by the device being detected as a keyboard and the driver installed. The device costs about $20 and can be found here
on March 27th, 2011 at 9:31 am
[…] Here is a little gizmo that can be used to compromise a Windows 7 PC. The moral is: keep your PC locked or turned off if you are not using it. […]
on March 27th, 2011 at 9:33 am
[…] Here is a little gizmo that can be used to compromise a Windows 7 PC. The moral is: keep your PC locked or turned off if you are not using it. […]