Hacker News new | ask | show | jobs
by deathanatos 2671 days ago
I think the device featured in the article "merely" appears as a keyboard to the victim machine. The attack can then transmit keystrokes over WiFi. (This is still sufficiently dangerous. Essentially, it's "open terminal, download evil.exe, execute evil.exe, minimize/close" and escalate from there. So, not something you want to happen.)

That said, if you click the link next to BadUSB, they detail attacks whereby the device pretends to be a USB Ethernet adapter instead. And while you're right that stuff typically wants user input prior to connecting to WiFi networks, I don't think anything prompts before connecting to wired networks. The onboard WiFi could even make it appear to work, so as to not arouse suspicion (by simply bridging the pretend-ethernet to the WiFi), but now your attack has a MitM and a keyboard…

Needless to say, you don't want random USB devices getting plugged into your machine.
1 comments
jon-wood 2671 days ago
I’m sure there are some secure networks that require 802.1x authentication against a specific certificate authority, which would ensure devices only connect to a trusted network. That’s definitely an exception rather than the rule though - I’ve never worked anywhere that does anything more than limiting which device can connect to a particular switch port.
link
deathanatos 2671 days ago
I've also seen wired network authentication, but that's typically the network authenticating the devices that connect to it. This is more like the need for the device to authenticate the network that it's attached to, or really, to authenticate the USB devices attached to it. This is somewhat problematic: I feel like most employees/people want to go to a coffee shop and do work, or work at home, etc. How does one distinguish between those networks and the rouge ones?

(I think ideally, you don't distinguish. Every network is equally untrusted, and you rely on good end-to-end encryption. That doesn't address the rouge HID attack, however.)

I've also seen unauthenticated corporate networks where STP packets reach the end user ports, and AIUI, the right response packet would direct the network to start sending all traffic my way…

link