undefined | Better HN

0 pointsemmelaich7y ago0 comments

'How' is DHCP.

That's one. Apparently there are least 28 more ways to use usb to attack a machine.

https://www.bleepingcomputer.com/news/security/heres-a-list-...

0 comments

>'How' is DHCP.

Not without notice. Your computer won't connect to a wirless network automatically. So in order for this to work, the USB-device needs the same SSID and key. Then, in order to make it not suspicious (and get your data) you need to actually forward traffic to the internet. Not sure if those devices can repeat.

Emulating an USB ethernet might help you, as those will connect, but without uplink it's still suspicious.

jeroenhd7y ago

The "cable" has WiFi, so it's probably possible to set up a hidden WiFi network around the premises of the target and have the implant connect with that. With the right type of antenna you can set up a WiFi connection to a specific device from quite a way away. Then tunnel the connection from your malicious AP and emulate ethernet on the USB side of the implant.

Or, search for open/guest networks and use those as an uplink. There's plenty of possibilities for this to work as a malicious network adaptor.

However, I think the network example is just a proof of concept and the remote connectivity is much more interesting to any real attacker.

j / k navigate · click thread line to collapse