In my example, we interestingly see how by default, OS X does not require additional permissions in this unique scenario. Crazy!
The exploits that could lead to privilege escalation are a different matter (imo they should be fixed).
This hack is very relevant for personal computers, where the user account (e.g. in Windows) is an admin and plugging in a USB device does not seem as dangerous as you demonstrated it is.
But I was more thinking about corporate computer systems where such an exploit should only last one session (except for privilege escalation, as OP mentioned).
Interesting hack, somewhat relieved to see that a) it's for OS X, and b) it just leverages a poor design/trade-off between security and convenience on that platform.
I suppose this kind of stuff is a good reason to disable sudo-session caching (or whatever it's called) and demand an OTP for elevating privileges [on Linux].
Looks like Windows supports OTP, but only with a dedicated server handling the authentication -- does anyone know if there's an easy way to demand OTP for UAC elevation to local admin on a stand-alone Windows 8.1 workstation?
[edit: for Linux/FreeBSD the libpam-oath package/toolkit can be used to enable TOTP (Time-Based One-Time Passwords) that are compatible with Google Authenticator -- there are a lot of tutorials on how to use it with OpenSSH (and with the new ability to demand a set of authentication methods, how to demand e.g. both an SSH key and a TOTP). With a little familiarity with PAM, it's easy to set up for demanding OTP for sudo. AFAIK OS X also supports PAM -- but if the GUI allows the system to be backdoored, there's not much point...]
Still, you should be locking the screen if you leave your device unattended. The only things OTP guards against in a physical access scenario are hardware keyloggers and shoulder-surfing, neither of which were part of this attack.
[1] 😉 Just kidding, mostly.
Well, yes. But in the case of BSD/Linux, if your user is in the sudo group/file -- requiring OTP on privilege escalation would help. In many common configurations, when sudo is set to prompt for a password, it'll also cache that for a certain period.
If* you could make Windows UAC ask for an OTP (or password) rather than just accept a click on OK, it would also help in this scenario. Note that OTP for every UAC prompt would probably be quite annoying even in Windows 8 -- but possibly more manageable than typing in a (secure) password.
I can't recall the URL and Google-fu is failing me right now, though.
They are nifty little dev boards, as you can pretend to be a variety of different devices, but the real benefit in my mind is the ease with which you can use the solder pads to build a device and connect it to USB. You can dump ROMs.
The Teensy 3.0 is a 32-bit ARM processor and has extra RAM and flash memory, which is certainly an improvement over the 8-bit AVR processor... that said, the Teensy 2.0 or 2.0++ might be better if you have Arduino experience. Both are great boards to play around with, and I expect lots more exploits based around pretending to be various USB devices.
But since Teensy is a different beast, maybe there could be some new neat things you could do with it.