undefined | Better HN

0 pointsndnxhs7y ago0 comments

You can do all of that without WiFi. How is an attacker with no vision of the screen any more useful than a script that can auto type a command to get remote access?

0 comments

PeterisP7y ago

A script that can autotype a command to get remote access needs to be able to communicate over your network, and it can be detected or blocked by your network security infrastructure.

A device like this packages its own covert communications channel together with the exploit dropper; it provides an entry point to your network (and exfiltration channel) that bypasses all your filtering, logging, scanning, etc.

muthdra7y ago

It's more useful precisely because there's nothing running and no remote access on the OS. Traceless. Norton ain't catch that.

ndnxhsOP7y ago

That's the same as regular fake keyboard usbs. The WiFi has no advantage here

michaelt7y ago

The 'ESPloit v2' [1] appears on USB as both a keyboard and a serial port, and any data sent on the serial port can be exfiltrated by the ESP8266 over its own wifi connection.

You can also imagine a loop where first you install a keyboard logger and exfiltrate the user's password, then later you want to update the exploit scripts to make use of the password. Or hell, maybe this is a prank product and having a wireless button to rickroll your victim on demand makes you laugh.

With that said, the first person to make a fake USB keyboard had a much bigger and more exciting trick than this incremental change.

[1] https://github.com/exploitagency/ESPloitV2

Edit: Or to put it another way, this is like the NSA's "Cottonmouth" bug, which "will provide air-gap bridging, software persistence capability, 'in-field' re-programmability, and covert communications with a host software implant over USB" [2] but 10 years later and without charging a million dollars for 50 units.

[2] https://en.wikipedia.org/wiki/NSA_ANT_catalog#/media/File:NS...

1 more reply

j / k navigate · click thread line to collapse