Want to keep up to date with the latest posts and videos? Subscribe to the newsletter
HELP SUPPORT MY WORK: If you're feeling flush then please stop by Patreon Or you can make a one off donation via ko-fi

Learn how a seemingly harmless USB power bank can be used to hack a computer, showcasing the dangers of plugging in random devices and the importance of being cautious with computer security.

Transcript

[0:00] Hmm, what’s this?
[0:02] Someone has lost their USB Powerbank.
[0:04] Manufactured by ACME!
[0:07] I think they’ve got a pretty good reputation for reliability and quality.
[0:10] This is a keeper, I’m taking this home.
[0:14] Let’s get it charged up - looks like it’s working - the light is flashing.
[0:18] I’ll get on with the working day.
[0:21] Yawn - time to call it a day.
[0:43] What just happened to my computer?
[0:46] I’ll explain all after this quick plug for the channel sponsors PCBWay.
[0:50] I know I say it every time, but they really are worth having a look at.
[0:54] They don’t just do PCBs, they also do 3D printing, CNC work and a whole bunch of other useful things.
[1:00] I’ve put a link in the description.
[1:03] So, what happened?
[1:06] My computer just got hacked!
[1:08] There’s a few things to unpack.
[1:10] What’s the anatomy of this hack?
[1:13] We start off with a bit of social engineering
[1:16] I’ve made a reasonable facsimile of a powerbank
[1:20] It’s got a USB connection for charging,
[1:22] and it’s got a USB socket for powering other devices
[1:25] It’s also got a flashing light!
[1:28] It’s obviously completely fake
[1:30] but if you were a serious hacker there’s no reason why you could take a real power bank and replace the electronics with your own.
[1:36] You could even make it completely functional so that it still acts as a power bank.
[1:41] If you look inside my power bank it’s not going to do much.
[1:44] The USB socket is not connected to anything
[1:47] and the charging side of things is actually going to a Teensy microcontroller.
[1:51] I’m using the Teensy 4.1 but any Teensy version would do the job.
[1:56] The Teensy is a really nice little device that has some useful features for what we’re doing.
[2:01] The first thing we need to make our fake power bank look realistic is a charging LED
[2:06] getting a flashing LED on the Teensy is pretty easy,
[2:09] we can just use the IntervalTimer functionality and turn the built in LED on and off.
[2:15] You could get fancy here if you wanted and have the LED fade in and out using PWM.
[2:21] To make it look nice I’ve used hot glue to make light pipe from inside the case.
[2:26] This actually looks surprisingly good.
[2:27] I think there’s a project around using hot glue for light pipes in the future.
[2:33] That’s the social engineering side of things, we’ve got a reasonably realistic-looking power bank
[2:38] that might fool someone enough that they would plug it into their computer.
[2:42] The next thing we need to do is defeat some of the safety measures that are built into the computer.
[2:46] The main one for this hack is the screen lock.
[2:50] My computer is set up to lock its screen after a minute of idle time.
[2:54] Once it’s locked you can only access it with my password.
[2:58] This would prevent us from taking over the computer and running our hack.
[3:02] We need to stop the computer from locking the screen so that we can take control of it.
[3:07] This is where the Teensy functionality comes in handy.
[3:10] We can configure the Teensy to act as a USB mouse.
[3:13] If you look carefully at the cursor you can see that it is moving very slightly.
[3:18] This is obviously speeded up considerably, in a real hack attack
[3:21] you’d probably only need to move it every 30 seconds.
[3:23] It looks very obvious close-up, but when you are looking at the screen normally
[3:27] with it only moving occasionally you don’t notice
[3:31] If we watch the computer now with the Teensy plugged in
[3:33] we can see that it doesn’t lock anymore.
[3:37] So, what’s next?
[3:38] We now need to trigger our attack.
[3:40] For my simple demo,
[3:41] I’m just triggering the attack after a certain amount of time has passed since it was plugged in.
[3:46] You could get very sophisticated here
[3:48] you could include a real-time clock in your device so that it could be triggered at a particular time.
[3:53] Or you could even include a remote control so the attack could be triggered manually.
[3:58] This could be done using one of these wireless controls
[4:00] or if you wanted very long-range there’s no reason why you could include a GSM module and run the hack by sending a text message.
[4:09] With the hack triggering mechanism done we need to execute the hack and deliver the payload.
[4:14] To do this we take advantage of the fact that the Teensy can also act as a USB keyboard.
[4:20] I’m targeting a Mac computer in this demo
[4:22] so I have a set of keyboard commands that will use the quick launch mechanism of Spotlight to run the Terminal application and then run a short script.
[4:29] We run the Terminal application by sending Command+Space to open up Spotlight quick launch
[4:35] and follow that by sending the string “terminal.app” followed by the return key.
[4:40] This will either launch a new instance of Terminal or bring an existing running Terminal instance to the foreground.
[4:46] If an existing Terminal is brought to the foreground it may be already running something.
[4:51] To ensure we get a fresh prompt we use the Command+T keyboard combination to create a new Tab.
[4:57] You’ll notice in the code that I have a short delay between each of these commands
[5:01] we need to give the computer time to launch the application
[5:04] and to run any startup scripts for the terminal session.
[5:08] With our terminal prompt active it’s now a very simple case of just running a small script
[5:13] to download and run our payload.
[5:16] You could embed the entire hacking script in the Teensy
[5:19] but having it delivered from a remote server gives you a lot more flexibility.
[5:22] For my demo I’m just downloading the script from my website.
[5:27] This is a fun little demo, but it shows how careful you should be with random USB devices.
[5:32] You don’t really know what they are doing.
[5:35] You are probably thinking “I’d never fall for anything so obvious”
[5:38] but what about your work colleagues?
[5:40] Are they as smart as you?
[5:41] And what about your children?
[5:42] Or your parents?
[5:44] When it comes to computer security paranoia really is your friend.
[5:47] They are out to get you!
[5:50] I’ve left out a couple of things that make this hack really effective.
[5:54] You’ll know if you are a regular Mac user that when it detects a new keyboard it pops up this screen.
[5:58] I’ll leave it as an exercise for the viewer on how they would go about bypassing this.
[6:03] So, that’s it, thanks for watching
[6:05] I’ve got quite a few projects in the pipeline so don’t forget to subscribe.
[6:09] I’ll see you in the next video.



Chris Greening


atomic14

A collection of slightly mad projects, instructive/educational videos, and generally interesting stuff. Building projects around the Arduino and ESP32 platforms - we'll be exploring AI, Computer Vision, Audio, 3D Printing - it may get a bit eclectic...
