Jump to content

[Info] I'm doing a science fair project on Human Interface Devices


DrDinosaur

Recommended Posts

Hello. I was interested in this attack vector, so I did some research on it. I liked the idea, so I did some experimentation as well. I'd just like to share my research paper I wrote on it. It covers both the Teensy and the USB Rubber Ducky. The district fair is coming up soon, so I have to prepare for it. Anyway, here is the link to the paper: http://goo.gl/meKuj Thanks!

Link to comment
Share on other sites

Not bad for a first crack at a paper.

I would like to see charts e.g. comparing load/execution times on payloads; ducky vs teensy ;)

You briefly mentioned AV, you could expand on this seeing how effective AV and device control is e.g. Symantec, Sophos, ...

or device control specialists like lumension, gfi, devicelock

Other interesting research:

Edited by midnitesnake
Link to comment
Share on other sites

Great share! Just as mentioned above, some AV solutions include a Host Based Security System (HBSS) which can whitelist hardware as well as software. In an environment that uses all Dell keyboards or just specific ones that do not use generic drivers this attack would be defeated.

Not with version 2 firmware (normally whitelist is based off VID & PID), assuming you have a laptop you can re-write vidpid.bin to support the VID&PID of known device (obtainable from device manager on Win_X or lsusb (usbutils package)(or at least dev) on Unix).

Bypass AV/HBSS for the win!

Link to comment
Share on other sites

Not with version 2 firmware (normally whitelist is based off VID & PID), assuming you have a laptop you can re-write vidpid.bin to support the VID&PID of known device (obtainable from device manager on Win_X or lsusb (usbutils package)(or at least dev) on Unix).

Bypass AV/HBSS for the win!

Good call! As always the more research you do on a target the better prepared you can be.

Link to comment
Share on other sites

You could even do the some old skool Social Engineering type phone calls before hand, complain about your keyboard, ask the person about their keyboard, how they like it, and any identifying manufacturing marks e.g Dell, Logitech because you want to go out and try one for yourself

Then look up the VID & PID on: http://code.google.com/p/ducky-decode/wiki/Keyboard_VID_PIDS

Link to comment
Share on other sites

  • 1 month later...

Hello again. Just a quick update. I made it to the state science fair and presented my project to some of the professors of computer science at the nearby university. They seemed to enjoy it and were interested. Here's what I put on FB:

"Won three awards for my science fair project. I got best in category for computer science in senior research (best computer science project in state of Hawaii), $200 from Intel in the national Excellence in Computer Science Award (winner of entire computer science division), and $200 from the Department of Information and Computer Sciences and the University of Hawaii at Manoa (general award for excellence in computer science). They even said my project name out loud (which is rare and rather humorous given the manner in which they said it in) and spelt my name right in everything. Until next year."

Thanks to the rubber ducky community for all the resources and support! I hope to do another computer security project next year. Maybe with pineapple, but I'm not sure yet. Anyway, thanks again.

Regards,
Dillon

post-41463-0-24330800-1365663679_thumb.j

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...