Flutterby™! : USB HID pwnage

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

USB HID pwnage

2014-12-19 19:02:59.762825+00 by Dan Lyke 3 comments

This Little USB Necklace Hacks Your Computer In No Time Flat, describing USBdriveby, a device that uses USB HID to take over a Mac when it's plugged in.

Time to epoxy up those USB ports, kids!

[ related topics: Children and growing up Macintosh ]

comments in ascending chronological order (reverse):

#Comment Re: USB HID pwnage made: 2014-12-19 19:33:15.49456+00 by: markd

Looks like it's assuming that the machine is left logged in and unattended and is just a faster version of someone typing in stuff (Hey, this is Unix. I know this). if you let someone have that kind of access to your machine you get what you deserve.

Now if he can demo that working when walking up to a machine that's password-locked, then I'd be impressed.

#Comment Re: USB HID pwnage made: 2014-12-19 20:14:23.805406+00 by: Dan Lyke

If it occurs fast enough, you just put this in a USB stick and give it to someone. Or, echoing previous exploits with autorun.inf, leave some malicious USB sticks lying around outside offices of place you want to infiltrate...

#Comment Re: USB HID pwnage made: 2014-12-21 11:21:01.926669+00 by: meuon

Side note, I watched the first public demonstration of this type of attack several years ago at Phreaknic by IronHacker, and it had been around before then. I think there were some ways around login in MS-Machines, but that is just my memory