The past decade has taught us that there are quite a few attack vectors on USB. These vary from hardware key-logging to driver fuzzing and from power surge injection to network traffic re-routing. In addition to addressing these issues, the security community has also tried to fix some of them. Several defensive hardware and software tools focus on a particular piece of the puzzle. However, none is able to completely mitigate the risks involved in the everyday use of USB in our lives.
Keystroke injectors like Rubber Ducky and MalDuino have a big disadvantage: they are not very stealthy. When no protection is in place, there is a big chance the end user will notice something fishy is going on. Proper USB Class filtering policies and a daemon that monitors typing speed will bring these kinds of attacks to a halt. To bypass current security mechanisms (including USB hardware firewalls), I have developed Keynterceptor. This is a proof-of-concept keyboard implant that is able to capture and inject keystrokes and communicate over the air via a back-channel while keeping the local time.
Since Keynterceptor is made from very affordable, off-the-shelf electronic parts, it is likely that such an attack tool can be created and used by someone with few resources. I will demonstrate the effectiveness of Keynterceptor in a real-world scenario where an endpoint gets compromised. I will also be present at the Hardware Hacking Village in the CommSec area, where you can come and check out the Keynterceptor yourself!