Constructing an Evil USB-C Dock · Aura Analysis Division

2023-03-09 06:55:24

Background

In recent years, laptops have become thinner and all of their I/O ports have started disappearing. To solve this, along came dongles and docks.

Image: an assortment of USB-C docks and dongles
Image source: Ars Technica, "Guidemaster: Picking the right Thunderbolt 3 or USB-C dock for your desk"

USB-C docks like these are now seen throughout workplaces, especially in "hot desk" environments, allowing an employee to sit down at any desk, plug in a single cable, and immediately have a ready-to-use workstation. They're also common in "coworking spaces", where multiple companies and individuals share an office space.

However, I believe an old threat looms in this environment…

Review of USB Attacks

We've all been told the same thing for years: don't plug untrusted USB devices into your computer.

Malicious USB devices can pose a number of threats, such as:

  • Serving malicious files: Malicious USB storage devices may contain malicious files, such as unwanted .exe files, tampered documents with exploits, etc.

  • HID Emulation: So-called "BadUSB", "Rubber Ducky" or "Bash Bunny" devices may seem innocuous, but when plugged in they can emulate a keyboard and fire off hundreds of pre-programmed keystrokes per second. This can be used to steal data, install backdoors, or perform all kinds of other attacks.

  • ⚡️ USB Killer: This one is a bit more extreme, but malicious USB devices may purposefully damage your computer by zapping the USB bus.

USB-C docks should be seen as no exception. In fact, I believe they're a much bigger threat than traditional USB attacks, as people have learnt to trust name-brand USB docks, and don't see them as a threat.
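The "hundreds of pre-programmed keystrokes per second" rate mentioned above is itself a detection signal. The following is an added example, not code from the original post: it flags sustained machine-speed typing runs per input device, with thresholds and device names that are assumptions and sample events that are constructed.

```python
from collections import defaultdict
from statistics import median

# Assumed thresholds, not from the original post: tune against real typists.
PAUSE_S = 0.5             # a gap longer than this ends a typing run
MIN_RUN_KEYS = 20         # ignore short rolls, which humans can type very fast
MAX_MEDIAN_GAP_S = 0.030  # sustained median gap below 30 ms is not plausible typing


def split_runs(stamps):
    """Split one device's sorted key-down timestamps into runs separated by pauses."""
    runs, current = [], [stamps[0]]
    for prev, cur in zip(stamps, stamps[1:]):
        if cur - prev > PAUSE_S:
            runs.append(current)
            current = []
        current.append(cur)
    runs.append(current)
    return runs


def find_injection_bursts(events):
    """events: iterable of (timestamp_seconds, device_id) key-down events.
    Returns [(device_id, start, end, key_count)] for machine-speed runs."""
    per_device = defaultdict(list)
    for ts, dev in sorted(events):
        per_device[dev].append(ts)
    findings = []
    for dev, stamps in per_device.items():
        for run in split_runs(stamps):
            if len(run) < MIN_RUN_KEYS:
                continue
            gaps = [b - a for a, b in zip(run, run[1:])]
            if median(gaps) <= MAX_MEDIAN_GAP_S:
                findings.append((dev, run[0], run[-1], len(run)))
    return findings


# Constructed sample events (not captured data).
SAMPLE_EVENTS = (
    [(10.0 + i * 0.18, "builtin-kbd") for i in range(30)]   # normal typing
    + [(20.0 + i * 0.02, "builtin-kbd") for i in range(5)]  # short fast roll
    + [(42.0 + i * 0.004, "dock-port-kbd") for i in range(200)]  # 250 keys/s
)

if __name__ == "__main__":
    for dev, start, end, count in find_injection_bursts(SAMPLE_EVENTS):
        print(f"{dev}: {count} keys in {end - start:.2f}s looks injected")
```

An injector that deliberately slows down and adds jitter stays under these thresholds, so timing is one signal to combine with others and not a complete control.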

A Fun, Simple Proof-of-Concept

To prove my point, I decided to create a simple, practical POC using a name-brand USB-C dock with a hidden malicious implant.

Before we get to the horrors of my work, I'll start with a demo:

So what's happening here? Well, hidden inside the dock is a Raspberry Pi Zero W running P4wnP1 A.L.O.A., a great framework for turning a Pi Zero into "A Little Offensive Appliance". This can be used for a range of USB attacks, but here I'm specifically using it to inject keystrokes.

This can be abused to perform all kinds of attacks, such as:

  • Stealing data.
  • Installing a reverse shell.
  • Performing malicious actions on the user's behalf.

Installing the Implant

It's not *too* difficult to open these docks, but it takes some work. There's a rubber pad on the bottom stuck down with some adhesive, hiding a series of screws underneath. This makes it easy enough to disassemble, but quite tedious to open and examine. At a quick glance, it also seems unlikely someone could have opened it up and sealed it again.

Once disassembled, you can see there's actually plenty of vertical space to hide malicious components.

To keep things simple, I decided to just hijack one of the rear USB 2.0 ports by soldering some leads to the back of the connector.

This can then be simply soldered up to a micro USB cable connected to a Pi Zero.

To prevent shorts, I also wrapped the Pi in electrical tape. To prevent the Pi from audibly rattling inside the case, I wrapped it several times until it was firmly in place.


Can you tell the difference?

Once re-assembled, it looks identical to the real thing:

It isn't obvious the device has been opened, and the only notable side effects are:

  • The top rear USB port doesn't work anymore. This could be easily solved either by adding a small internal USB hub or wiring it through the Pi.
  • It's slightly heavier I guess?

Additionally, spoofing the USB vendor and product ID of the Pi allows it to appear genuine.

Realistically, you would have to open the device to determine whether or not it has been tampered with.
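Because the vendor and product ID are whatever the device chooses to report, an ID allowlist passes a spoofed implant. The following added example (not from the original post) contrasts that weak check with a comparison of port path and interface class against a known-good baseline; it assumes the implant enumerates as a keyboard on a dock port the baseline records as unused, and all IDs, port paths and records are constructed placeholders.

```python
HID_CLASS = 0x03  # USB base class code: Human Interface Device
HUB_CLASS = 0x09  # USB base class code: Hub
VENDOR_SPECIFIC = 0xFF

# Constructed baseline for one dock model, keyed by port path below the dock's
# upstream hub. The IDs are placeholders, not real vendor or product values.
BASELINE = {
    "1":   {"ids": (0xAAAA, 0x0010), "classes": {HUB_CLASS}},
    "1.1": {"ids": (0xAAAA, 0x0020), "classes": {VENDOR_SPECIFIC}},  # Ethernet
    "1.3": {"ids": (0xAAAA, 0x0030), "classes": {HID_CLASS}},        # desk keyboard
}
ALLOWED_IDS = {entry["ids"] for entry in BASELINE.values()}


def id_allowlist_ok(dev):
    """The weak check: trusts whatever vendor/product ID the device reports."""
    return (dev["vid"], dev["pid"]) in ALLOWED_IDS


def topology_findings(observed):
    """Compare each device's port path and interface classes with the baseline."""
    findings = []
    for dev in observed:
        expected = BASELINE.get(dev["port"])
        classes = set(dev["classes"])
        if expected is None:
            kind = "hid-on-unexpected-port" if HID_CLASS in classes else "unexpected-device"
            findings.append((dev["port"], kind))
        elif not classes <= expected["classes"]:
            findings.append((dev["port"], "new-interface-class"))
    return findings


# Constructed enumeration of a tampered dock: the last entry reports the
# keyboard's IDs but sits on port 1.4, which the baseline records as empty.
OBSERVED = [
    {"port": "1",   "vid": 0xAAAA, "pid": 0x0010, "classes": [HUB_CLASS]},
    {"port": "1.1", "vid": 0xAAAA, "pid": 0x0020, "classes": [VENDOR_SPECIFIC]},
    {"port": "1.3", "vid": 0xAAAA, "pid": 0x0030, "classes": [HID_CLASS]},
    {"port": "1.4", "vid": 0xAAAA, "pid": 0x0030, "classes": [HID_CLASS]},
]

if __name__ == "__main__":
    print("ID allowlist passes every device:", all(map(id_allowlist_ok, OBSERVED)))
    print("Topology findings:", topology_findings(OBSERVED))
```

On Linux the same fields can be read from the `idVendor`, `idProduct` and `bInterfaceClass` attributes under `/sys/bus/usb/devices`.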

Conclusion & Further Ideas

This fun little project took just a few hours from concept to POC, and clearly shows USB-C docks can be scary. Plugging in a malicious device in a covert location certainly isn't anything new, but there's a range of other attack surface here just waiting to be explored, such as:

  • Invisible key-logging: Placing a malicious device in between a physical USB A port and the dock's actual bus may allow an attacker to read everything you type, without you knowing. Very dangerous for stealing passwords.

  • Network tapping: Almost all USB-C docks have built-in ethernet ports. This offers a range of attack opportunities, from sniffing network traffic to acting as a persistent remote device.

  • Screen grabbing: Docks usually have HDMI ports, and whilst it would be tricky, it is very possible a malicious device could capture the user's screen and send images/video back to the attacker. Inline HDMI capture devices already exist, and it wouldn't be impossible to implant one into a dock like this.

I might explore some of these in future, but for now, keep being vigilant with what you plug in to your devices, especially in shared spaces.
