Introduction
A Brief Introduction to USB Attacks
From time to time, a new exploit for ubiquitous hardware (like USB) emerges. Taking advantage of such vulnerabilities often requires specialized knowledge, or the flaw is patched quickly enough that the attack surface is practically non-existent in real-world applications.
However, Keystroke Injection is an exploit that has stood the test of time by taking advantage of a computer’s inherent trust of USB Keyboards!
What is Keystroke Injection?
Human Interface Devices (HID) encompass things like mice and keyboards - devices that require practically no setup or authorization to use.
Keystroke Injection, coined by Hak5, is a type of HID attack that uses a microcontroller to emulate a keyboard - and delivers pre-programmed keystrokes at devastating speeds!
In The Wild
- FIN7 social-engineered victims into plugging malicious USB devices into their computers
- Samy Kamkar’s USB Driveby creates a DNS backdoor on victim devices
- Emulate Razer Devices to take advantage of a privilege escalation bug!
Preventative Measures
Some EDRs can detect & prohibit devices typing at speeds “faster than a human should”.
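The typing-speed check described above can be sketched as follows. This is an added example, not code from this page or from any EDR product; the event format (timestamp in seconds, device identifier), the device names and both thresholds are assumptions to be tuned against real input telemetry.

```python
from collections import defaultdict

# Assumed thresholds: sustained human typing rarely keeps every
# inter-key gap under ~30 ms for 20 or more keys in a row.
MIN_HUMAN_GAP_S = 0.030
BURST_LEN = 20


def find_injection_bursts(events, max_gap=MIN_HUMAN_GAP_S, burst_len=BURST_LEN):
    """Return {device_id: [(start_ts, end_ts, key_count), ...]} for runs of
    at least `burst_len` keystrokes whose every gap is below `max_gap`."""
    per_device = defaultdict(list)
    for ts, device in events:
        per_device[device].append(ts)

    findings = {}
    for device, stamps in per_device.items():
        stamps.sort()
        bursts, run_start = [], 0
        for i in range(1, len(stamps) + 1):
            # A run ends at the last event or when a gap looks human.
            if i == len(stamps) or stamps[i] - stamps[i - 1] >= max_gap:
                if i - run_start >= burst_len:
                    bursts.append((stamps[run_start], stamps[i - 1], i - run_start))
                run_start = i
        if bursts:
            findings[device] = bursts
    return findings


def sample_events():
    """Constructed sample: a person typing on one keyboard, and a second
    HID device that sends 40 keys 5 ms apart."""
    human_gaps = [0.18, 0.12, 0.25, 0.09, 0.31, 0.14, 0.02, 0.20, 0.16, 0.11]
    events, t = [], 100.0
    for gap in human_gaps * 3:
        t += gap
        events.append((round(t, 3), "kbd-builtin"))
    events += [(round(200.0 + 0.005 * i, 3), "hid-new") for i in range(40)]
    return events


if __name__ == "__main__":
    for dev, bursts in find_injection_bursts(sample_events()).items():
        for start, end, n in bursts:
            print(f"{dev}: {n} keys in {end - start:.3f}s")
```

Requiring a sustained run rather than a single fast gap keeps an occasional quick key pair from a real typist (the 20 ms gap in the sample) from raising an alert.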
Solutions like USBGuard can be used to create policies for whitelisting or blacklisting USB devices - so you can lock your computer into using the default keyboard or certain trusted peripherals.