BAD USB: Attack on a SHUT DOWN Computer | Real Experiment
Science and technology
👾 Follow this link to book a demo: sumsub.com/address-verification/
Did you know BAD USB can hack even a SHUT DOWN COMPUTER? This sneaky tool can harm your computer without you realizing it. This experimental video shows how this tiny device can be used to compromise your computer and steal your personal information. Scary, right? But don't worry, there are ways to protect yourself from this attack. So if you're curious about the inner workings of BAD USB and want to protect yourself from it, this is the video for you!
© 2023. This work by ulunkwulunk sketchfab.com/3d-models/anima... is licensed under a CC BY 4.0 license.
Sumsub - empowering compliance and anti-fraud teams to fight money laundering, terrorist financing, and online fraud.
00:00 Intro
01:47 BAD USB FlashDrive
02:40 What can BAD USB do?
04:23 Integration
05:26 BAD USB in Mr.Robot
06:25 Where to find BAD USB?
07:46 How hackers get your data?
09:35 RCE ATTACK
11:05 How to protect yourself?
More about us:
sumsub.com
#badusb #rubyduck #securecomputerfromhacking #technology #cybersecurity #ethicalhacking #sumsub
Comments: 150
Put your computer's ports inside a steel safe
@BurninGems
11 months ago
Hot glue into the USB ports and no external devices would be better.
10 months ago
Or fill the ports with building foam, silicone, hot glue, etc., alternatively short the data lines.
@hooshawn
9 months ago
Store your data in a black box kept in a data centre not connected to anything. Heck you could even call it the Box 3
@Art3mis_games
5 months ago
Chastity cage
@erikengineer
3 months ago
Block them via Windows advanced settings XD
11:00 That is NOT a surefire way to protect your computer from a BadUSB device. Once the attacker realizes that the computer only allows whitelisted devices, it's trivial to spoof the VID and PID of the BadUSB to make it appear as one of the whitelisted devices.
@ineedapaimonirl3260
9 months ago
Wouldn't the attacker need to somehow find out the VID and PID of the whitelisted devices though?
@kesslerkevin
7 months ago
@@ineedapaimonirl3260 inference of these devices should be pretty easy to find. Social engineering would uncover a device used on prem, in-person, or even over the phone. One could even go as far as talking to contractors to uncover information with social engineering. This is why security policies should be implemented by IT.
@christopher480
3 months ago
These guys don't really know what they are talking about... these vids are just a way for them to talk you into a service you don't need.
Also if someone suspects that this happened, they could turn their router off or unplug the computer from the network while they reinstall the OS. Sure there are ways to get rid of these things without reinstalling. I just prefer a clean install so I know that I am rid of it and anything else that may have been installed that I did not notice any signs of. It also helps in case the malware is a newer variant that antivirus does not yet recognize. One thing to remember about malware is it can be tricky to pick through and remove all traces. With a clean install you know it is gone and you didn't spend your day searching the registry for it. The other nice thing about a clean install is that some malware reinstalls if you miss any. That doesn't happen with a clean install. Instead you know it is gone.
@5247814
11 months ago
But once this happened the attacker will have already extracted sensitive information such as passwords stored in the browser, payment information, and encryption keys. None of the remediations you mentioned will fix that.
@ClickClack_Bam
10 months ago
Be clear about what a "clean install" is. Thinking that you can just run your Windows restore backup is NOT a "clean install". Viruses routinely hide inside backup & restore files & you'll simply reinfect yourself over & over if this is the case. A "clean install" means you have a separate introduction to your computer that COULDN'T possibly have been infected with your current issue. With sophisticated attacks always being thought up, even backups from the cloud & the network can be compromised.
@christopher480
3 months ago
@@ClickClack_Bam if you don't even know what a clean install is then this vid is well beyond your skills.
SumSub is filling the Disrupt sized hole in my heart!
I'm one of the lucky people that have had one of these flash drives sent to me from a fake Amazon... I opened it up first thing before doing anything else because the letter that came packaged with it looked sus as hell. If it was just a flash drive with no letter I might have just plugged it into my PC. It had an ESP32 Arduino board in it but I think something went wrong when they flashed it because I got corrupted data when I dumped the firmware. I even tried plugging it into an old laptop when I failed to dump any data from it but it didn't do anything. I've since repurposed it and have used it for various tinkering projects so I'm kinda glad they sent it to me. Because in the end I just got a free Arduino board out of it.
@Jaxx7594
10 months ago
An ESP32 Arduino board? ESP32s do stuff with wifi (as you probably know since you seem knowledgeable on this stuff) if I remember correctly. Not sure why they wouldn't send a DuckyScript USB to just use cmd to grab wifi passwords and send it through a webhook rather than try to hack it lol, and how were they gonna try to send the pcap file? Doubt they would have been able to do much to you even if they flashed it correctly if it was just an ESP32
Thank you Elliot and SumSub 💯
@Sumsubcom
11 months ago
You’re welcome man!
11:01 That doesn't matter, it's possible to figure out the vendor ID/product ID of an allowed device and program it on a BAD USB...
Pro tip: you can change the VID and PID of badusb devices
@CTimmerman
11 months ago
Even so, it should be trivial for an operating system to block input from non-input devices and show a little popup with "Do you want to connect X? Y/N", in fact MacOS already does so.
@kesslerkevin
7 months ago
@@CTimmerman This is a false sense of security. Entirely impersonating a HID device and sending keystrokes is how keystroke injection attacks work.
Is the device whitelist enough protection? Isn't there some sort of passthrough bad USB that would have a female USB port on one side that you would plug the original peripheral into, and it would clone its ID and other properties so it would bypass the whitelist?
@PepsiMaxVanilla
11 months ago
good idea
Maybe you should hide the name of these USBs as I found so much information that a newbie could make an attack on someone by just using a USB. But anyways the video was great and the editing is just one of the best I have ever seen. And btw thanks for making these videos as it helps others to get better at the security
@BenjaminHari
11 months ago
It's funny how they were trying to hide executed code by blurring but then not hide the cheap ATMEGA microcontrollers. Not to mention the info on how to do BadUSB and even pre-made scripts are available freely on KZread and other sites. Instead of trying to keep malicious people away (near impossible) they should instead teach people how to protect themselves better, which they did, but on a very basic level though.
@marcuspvxea
10 months ago
@@BenjaminHari Because you can just get the same results in one google search.
I recently got into hardware stuff and made a similar thing with my Raspberry Pi Pico, a "macropad". Cool thing if you like to tinker
What about a virtual machine? Are they programmed so they escape it?
Nice Video. Unfortunately, even computers without internet (and data) are not safe. There are also USB sticks that contain a capacitor that will destroy your entire PC. So only do this if you know what you are doing.
@BenEehayeh
11 months ago
William Binney, Technical Director at NSA, retired, stated, "When you need to compose a secret message to send through a network, keep it small, 140 characters, and use pencil and paper."
@shadowe5067
11 months ago
Best way to be safe is not to turn off your phone but unplug the battery
@BenEehayeh
11 months ago
@@shadowe5067 2006 for sale, msrp $600, flip phone that doesn't need a battery to use gps and make phone calls, collecting energy from the air. Good luck unplugging your battery.
@1p2k-223
11 months ago
Using superglue to "brick" the USB ports is possible, as well as gluing the keyboard and mouse USBs to the PC. (Ofc, it'll make replacing them tricky tho)
No malware needed! The protection software is the malware, as it makes the product so hard to use it's unusable. True for most corporate computers.
@5247814
11 months ago
Exactly! Clicking an extra modal window or entering a secure password is exactly the same as having all of your passwords and financial data stolen.
A simple OS-level fix would be to always inform the user that a new "keyboard" was detected and to stop keystrokes from going through.
I would have designed a dedicated PCB for this and programmed it as a USB hub, so there will be a flash drive and a keyboard in one. The user will think it's a flash drive and use it as normal and unknowingly inject the malware into multiple devices as they transfer files from one device to another. The malware will do its job behind the scenes with low-risk compromising tasks such as fetching personal data which could be sold, such as email addresses and ad data. I don't think this would be hard to do... I've never done it and I never would, but knowing it's possible and how it's possible is the first step to prevention
So let's say I have this huge plush Enter button that I do not trust since I bought it from AliExpress. How do I put the device under surveillance? Do I have to use a keylogger to know what's being typed by the device or are there any better methods?
If anyone else has physical access to your machine, or if you run any untrusted code (javascript etc) it is game over. How many times does it need repeating?
How would these attacks fare against immutable OSes?
Does this software run on Linux?
I actually made my own to run non-malicious code (for a demo of what these could do). Realistically they are so small that I instead grabbed a plug-in wired keyboard and directly connected the micro USB.
@1p2k-223
11 months ago
I'd like to use one to automate startup and preconfig of a Live OS
You can actually change the firmware that runs on a USB stick; this way you can just repurpose generic USB flash drives and program the controller to also expose a HID device when needed!
@sjoervanderploeg4340
10 months ago
And no, filtering by device ID is not a failproof way when you inject your own HID devices, you could just pretend to be any other device you wanted or even bruteforce an ID that does work!
Can you please make a video about whether there are flash drives that already affect your computer after plugging in and then out and still count as plugged in using wifi, and if so, can you please make a video on how it looks like or
I sat through a Sumsub ad! I'll never get those 12 minutes back!
@christopher480
3 months ago
Exactly, and that's why he gets a thumbs down and reported for misinformation.
3:20 When did they rename "Device Manager" to "Task Manager"? lol
Obscurity over security ;) If you set up your machine in a non-typical way, she'd win. How about the Intel management hacks?
@eriottomakurashi
11 months ago
If u are a nobody most probably you will be safe, but if u are a relevant person, let's say an owner of a finance company or some lesser, but still important role... well u could still get somebody trying to make a personal attack on your PC. Well, your non-typical way has most likely more mistakes and vulnerabilities than a typical Windows PC
Just disconnect from all networks, Bluetooth included
I teach English in China. Chinese software and Chinese computers in a war for domination, it's so convoluted. That's why when a student asked me to scan his semester's worth of homework, I said do it yourself. I installed the printer scanner software on his laptop but it's being blocked by something. Oh well, his problem, not mine.
As a gamer it only takes 15 minutes to reinstall Windows and a few more for drivers... Run a spring clean/format/OS reinstall annually... NO MATTER WHAT. But if I worked from home on mah PC, geez what a nightmare.
7:35 Rat= Remote administration tool
10:07 Delayed RCE is such a simple yet checkmate attack!
Suppose you have a virus/malware file on your PC and you don't know. Does that also get backed up to your cloud storage (OneDrive)?
7:20 You sure it's not possible to extract code from arduino? It can be trivial to extract & disassemble such mcu code.
@AlexanderSama
11 months ago
Yeah, don't know if Eliot meant that specific code, but generally it is possible to get the original code from an arduino after the compilation process. You'll need a few steps to get the HEX, then a disassembler, and finally translate it from assembly to C++
@wackymoder
11 months ago
Elliot is minorly lazy and unknowledgeable.
Where can I download these script files, and is the attack possible on a Digispark ATtiny85 microcontroller?
His voice is like a narrator from horror film 🥶🥶
It is important to state that msiexec is a major security hole, but M$ doesn't give a crap. The best course of action is to replace that executable by a dud.
The Pico is even cheaper and still very good, and I think it supports most OSes
What would this attack do on a PC where you are not logged into an admin account? Nearly all videos/articles do not show this.
@mrnibbles1
4 months ago
To my knowledge there would be little to no difference in what could be done.
I would've loved to get sent one of those
USB VendorID and ProductID (VID&PID) even usb_product & usb_manufacturer can be changed at arduino boards "\arduino\hardware\arduino\avr\boards.txt" I can make badUSB look like any USB device, for example Logitech K270 Unifying Receiver
Has anyone created a program that disables the USB slots every time the corresponding USB was unplugged? And that you had to type in a password to reactivate it?
@MStrong95
11 months ago
This seems like a good idea and hopefully some programmers who need new ideas for projects take inspiration
@alfonzo7822
7 months ago
That's an interesting concept, haven't heard of anything that's been created like that.
Time to watch this video because I feel paranoid
@therealb888
11 months ago
Feel even more paranoid?😂
@fardshidder
11 months ago
@@therealb888 yeah but at least now I know to check the back of my computer often
@richardkm5355
11 months ago
😂😂😂
@therealb888
11 months ago
@@fardshidder Lol me too. I knew of this, but a refresher is always welcome.
@stefanl5183
11 months ago
@@fardshidder If somebody breaks into your house and has physical access to your computer, you got bigger problems to worry about than this.
This is old news, new bUSBs can work a hundred times faster and have encrypted memory
You can use a USB data blocker to stop any malicious code being sent to the computer.
@erikslot7023
11 months ago
There are ways around that 🙂
@sionguz450
3 months ago
@@erikslot7023 there's no way when there's no data pins haha
Brother you're too genius
I am waiting for your video.. 😃😀
Well, I would have those USB sticks for free! There are Arduino Pro Micros in there. They cost around 10 euros. I'll take them for free... so I can reprogram them to make them fit for my own projects. I like to play around and build devices with Arduinos. They are quite useful, especially for small circuits which need a microcontroller.
My Flipper Zero says "hello".
Most decent AV conducts a scan on any connected external drive. Why didn't you mention this?
@realfun7188
11 months ago
Because the vulnerabilities in the video weren't known by AV companies at the time the attack was being implemented. An AV scan likely wouldn't have detected it.
@MartinMcAvoy
11 months ago
@@realfun7188 Not really true. Good AV companies invest vast amounts of money in global intel, to report, test and provide signatures for dangerous code. The updates happen in real time. It is possible for zero-day code to be created that would defeat any AV. Stuxnet would be a good example but this is rare and expensive to create. My question is more about whether the code itself can disable the AV, or function outside of normal AV scanning? That would be very sophisticated & dangerous but I don't think it exists, outside of government agencies. Stuxnet had multiple zero-day exploitation code but it has been reverse engineered, added to the signature databases and is no more dangerous now than a kiddie script. It is interesting how computer code is so much like biological DNA.
@stefanl5183
11 months ago
Problem is it's not a USB drive. It's a USB keyboard, or at least it's acting as one, and it's automatically typing commands that download and install the malware. As far as the system knows, it's you typing those commands. One way to thwart this is to NOT run your computer logged in all the time with administrative or root privilege. Then when it sends the keystrokes the system won't allow the commands to execute. Problem solved right there.
@user-zh2wl2sl2u
11 months ago
Bruh, it's a microcontroller emulating a keyboard, the PC ain't gonna scan a keyboard, it just thinks it's a regular human typing it, it's not a flash drive dumbass
11:11 Uhhh you can just easily re-program the vendor ID and product ID on the arduino. If this is supposed to be a cybersecurity education channel, you shouldn't spread misinformation, especially the claim that it is a "perfect solution". Please be better. Edit: Also VID and PIDs aren't exactly secret, there's a public list of them.
...Or just do not put random usb into computers.
If you don't run logged in as administrator or root by default, would that not prevent the commands from being executed? Installing software require administrative privilege does it not? There ya go! Problem solved and hack thwarted!
@DanielMYT
11 months ago
Most software can be run without administrator/root privileges. It will not be able to modify system files but could still potentially access or modify your personal data.
@alfonzo7822
7 months ago
It's easy enough to elevate to administrative rights from a non admin account if you know what you're doing.
i thought is was a USB that was bad but in reality it was very bad
Whoever is trying to hack defense companies with such a hacked-up solution is unbelievably stupid. If I were one of those, I would come up with a flash drive that behaves 100% like a normal flash drive and uses 100% the same circuit so no one would discover it. For instance, inside those flash drives is a programmable USB controller chip (i.e. it has an embedded CPU inside handling USB handshaking and flash initialization, then uses DMA to shuffle the bulk of the data), and a flash memory chip. If I were doing this, I would get a copy of the source code of the normal program running inside those chips, modify the code so once in a while it secretly attacks once, then reverts back to normal operation. I would reprogram a totally normal flash drive with this spiced-up code, and deliver it as a gift. Oh, BTW, I would also not choose my method of attack like this. A USB HID is so easy to get recognized. I would exploit buffer handling bugs in the USB driver stack (Ring 0 code is NOT DEP-protected on Windows), then carefully construct malicious USB data packets to inject machine code into the driver stack. This would be really difficult as the driver stack is really well guarded by code reviews, but I'm sure if a major government is to pull this off, they have uncovered 0-days here and there at their disposal.
Yeah, you could probs make udev rules that ban all unapproved HID devices unless it's a specific USB keyboard, or only I2C if the PC has a built-in keyboard/touchpad
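The thread argues over two ways of deciding what to do with a freshly plugged-in device: the video's VID/PID whitelist, which several commenters point out is defeated by reprogramming the IDs, and the alternative raised above and earlier in the thread, namely keying the decision on what the device asks to be (a keyboard-class interface) and prompting the user for any new keyboard. The following is an added example, not code from the video, from Sumsub, or from any commenter: a small policy model that runs both decisions over constructed device records. All devices, ports and VID:PID numbers in it are made up for the demo; the class codes are the USB-IF standard values. It is a decision model only and is not wired into a kernel or udev.

```python
"""Policy model for a newly attached USB device (added example, constructed data).

vid_pid_allowlist : allow only listed VendorID:ProductID pairs (the video's
                    whitelist; the IDs are attacker-chosen, so spoofable).
interface_policy  : ignore the IDs; a keyboard-class interface that was not
                    present on that port at boot becomes a PROMPT (the
                    "new keyboard detected" dialog), and a device that is
                    both mass storage and a keyboard is DENIED outright.
"""
from dataclasses import dataclass

HID_CLASS = 0x03            # USB-IF interface class codes
MASS_STORAGE_CLASS = 0x08

ALLOW, DENY, PROMPT = "allow", "deny", "prompt"


@dataclass(frozen=True)
class Interface:
    cls: int            # bInterfaceClass
    subclass: int = 0   # bInterfaceSubClass
    protocol: int = 0   # bInterfaceProtocol


@dataclass(frozen=True)
class Device:
    name: str
    vid: int
    pid: int
    port: str           # physical topology path such as "1-1.2" (constructed)
    interfaces: tuple   # tuple of Interface, in descriptor order


def vid_pid_allowlist(dev, allowed):
    """Decide purely on the IDs the device reports about itself."""
    return ALLOW if (dev.vid, dev.pid) in allowed else DENY


def boot_inventory(devices):
    """Snapshot of (port, interface shape) for devices present at boot."""
    return {(d.port, d.interfaces) for d in devices}


def interface_policy(dev, inventory):
    """Decide on interface classes and physical port, never on VID/PID."""
    classes = {i.cls for i in dev.interfaces}
    if HID_CLASS in classes and MASS_STORAGE_CLASS in classes:
        return DENY       # a "flash drive" that also wants to type
    if HID_CLASS in classes:
        if (dev.port, dev.interfaces) in inventory:
            return ALLOW  # same input device on the same port as at boot
        return PROMPT     # ask the user before accepting its keystrokes
    return ALLOW


def evaluate(devices, allowed, inventory):
    """Map device name -> (allowlist verdict, interface-policy verdict)."""
    return {d.name: (vid_pid_allowlist(d, allowed), interface_policy(d, inventory))
            for d in devices}


# --- constructed sample data (not real products) ---------------------------
KEYBOARD = Interface(HID_CLASS, 0x01, 0x01)            # boot-protocol keyboard
STORAGE = Interface(MASS_STORAGE_CLASS, 0x06, 0x50)    # SCSI, bulk-only transport

OFFICE_KEYBOARD = Device("office keyboard", 0x1234, 0x0001, "1-1.2", (KEYBOARD,))
BOOT_DEVICES = [OFFICE_KEYBOARD]
ALLOWED_IDS = {(0x1234, 0x0001)}                        # the whitelist from the video

NEW_DEVICES = [
    # plain flash drive: the whitelist blocks it, the interface policy allows it
    Device("flash drive", 0x5678, 0x0002, "1-1.4", (STORAGE,)),
    # keystroke injector reprogrammed with the office keyboard's VID:PID
    Device("spoofed injector", 0x1234, 0x0001, "1-1.4", (KEYBOARD,)),
    # composite device: enumerates as a drive and as a keyboard at once
    Device("composite injector", 0x5678, 0x0003, "1-1.4", (STORAGE, KEYBOARD)),
]


def demo():
    return evaluate(NEW_DEVICES, ALLOWED_IDS, boot_inventory(BOOT_DEVICES))


if __name__ == "__main__":
    for name, (by_id, by_shape) in demo().items():
        print(f"{name:20s} whitelist={by_id:6s} interface-policy={by_shape}")
```

Running it shows the spoofed injector sailing through the VID/PID whitelist while the interface policy turns it into a prompt, and the composite drive-plus-keyboard being refused regardless of what IDs it claims. The residual weakness of the port-pinned rule is the passthrough case a commenter asked about: an injector sitting on the office keyboard's own port with the same interface shape would be allowed, so the rule only holds where the attacker cannot reach that port, and the real control for the remaining cases is the prompt itself.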
What can you use to live a normal life without somebody being nosey?
Use ghost Linux to reset it
Do you have any real hacking course we want to join
This is a clickbait that can be forgiven
the military presence is here now and will express extreme prejudice🖤👹☠💀
why the fuck is the usb connector so janky?
Whitelists won't help, it's easy to spoof the ID
Elliot from MR.ROBOT ?
@Sumsubcom
11 months ago
Who knows…
"Attack on a SHUT DOWN Computer" is clickbait, imo. it heavily implies that the attack can work while the PC is off, not waiting until it's turned on.
@thahrimdon
10 months ago
Technically the injected USB could send a magic packet and wake the computer over “LAN”. But still it would have to mean it’s turned on so yeah kinda
In all honesty computers should be locked away where staff can't touch them, if there's usb ports they can reach fill them with superglue. It doesn't matter how many times they are told they will still plug things in and click attachments. I have never had a client get hacked, but I have had systems brought to their knees by stupid staff.
@Oliver_Atkinson
11 months ago
Just turn off the USB ports (idk if windows can do this, but you can disable them on linux)
@MissFoxification
11 months ago
@@Oliver_Atkinson Not all machines allow that for one and it can be all or none, so if you turn them all off you won't have a keyboard or mouse anymore. There's ways to get around disabling them, the easiest way to fix it is superglue. Staff never listen and always mess with things they shouldn't.
@nickv1008
11 months ago
I was thinking hot glue, or maybe silicone seal. Superglue the keyboard and mouse so they don't unplug them to use. Remember the good old days when people were afraid of computers...just seeing a punch card would invoke fear, and computer tech was god.
@MissFoxification
11 months ago
@@nickv1008 Haha, back in the day when people would ask before plugging something in? Back before plug n pray, I do not miss DIN connections.
@nickv1008
11 months ago
@@MissFoxification I may have some equipment with din connectors, probably lurking around an analog piano tuner (it has a spinning disk with a light behind it). I sold my u-matic video recorders a while back, I think they had din plugs.
❤❤
I would be happy if someone would send me one of those overpriced arduino boards. P
can we check the usb on a virtual machine to see if it is safe to use it ?
@Sumsubcom
11 months ago
Yup
@rafinazmulrafi
11 months ago
How?
@wackymoder
11 months ago
@@rafinazmulrafi Here are some steps: A) boot up a virtual machine. B) have it grab all your input C) it logs all keystrokes (VBox already does this if I remember correctly) D) ???? E) PROFIT
@stefanl5183
11 months ago
Yeah, but there's an even easier way to thwart this hack. Don't be logged on with administrative or root privilege when you plug in the usb device. To download and install software should require admin privilege and if you aren't logged on with that level of privilege the commands should be rejected by the OS. Problem solved as simple as that!
Bro, add Turkish subtitles too
❤
No one can beat you in regard to hacking, thank u
You ARE hackers if you can do these things, WHITE HAT hackers they are called. And hacking doesn't mean something is bad, it's just people that are good at creative uses of technology, just like electronics engineers but more often with software.
Maybe computers aren't that convenient or useful, after all. 🙄
Hehe
windows lol
So where's the part of the "SHUT DOWN COMPUTER"? Kek. Misleading crap
Ur name starts with an A
If you use a Windows machine you deserve what you get. Windows is trash.
test
Plus who gives out their real info
Bad USB is not a device. Bad USB is a rootkit ITW malware, PoC in 2013. To bury the Bad USB malware discussion, someone invented a Bad USB device attacker and overly promotes it. Taking the Hak5 Rubber Ducky and rebranding it as Bad USB. WTF.
@wackymoder
11 months ago
Its branded as Bad USB because he doesn't want to direct traffic to the Hak5 Rubber Ducky
Whitelists, really????? Bad actors would just make the device appear to have a known vendor ID... who wrote this crap? You can contact me, 20 yrs in IT, and interview me, this is the worst video I've ever seen
@alfonzo7822
7 months ago
No cap