The New Dangers of USB Peripherals

[c00face]

I am a little clueless on this, but something struck me as I was doing a lot of searching about hacking, the drama in CS:GO, and just what was the current "grail" for hackers these days. I stumble upon a new post about storing hacks into peripherals since it already use a USB protocol. The user beforehand will run a software to program the mouse, the DLL will be stored inside the memory of the mouse, the mouse will act as a hack, and can be used on any computer with a click of a button. I'm no expert in this area, and it seems to have a lot of debate rather it can work or can't. Apparently according to a "rumor" or a thread I've read, it has been done, and it is now private. I decided to look up a Youtube video on the subject to see if someone has posted a similar topic, and what do you know, I've found it. It has been done, and the use of this Youtube shows what it can do with a modified hacking mouse, and all you have to do is click a button to turn it off or on. It is undetected, and the mouse will work as normal.

 

Again, I'm no expect in this matter, I just thought it was very interesting and could this mean there's a new danger to USB peripherals that has been overlooked? Who would think a mouse/keyboard can actually store malware, viruses, and be loaded as soon it is plugged? Rather this is true or not, I figure it'll be a very interesting topic especially if users are already claiming that they were able to modify their mouse as an aim assist. I suggest you take this thread with a grain of salt.

[Dark_Fuzzy]

Even for the mice that have on board memory i doubt they have enough to store any kind of aim assist or other hack.

Also even if you could do that it would work the same way a usb stick does and would be detectable just like any other way of installing a mod.

 

[c00face]

4 minutes ago, Dark_Fuzzy said:

Even for the mice that have on board memory i doubt they have enough to store any kind of aim assist or other hack.

Also even if you could do that it would work the same way a usb stick does and would be detectable just like any other way of installing a mod.

 

- edited -

I can't determine rather the legitimacy of the Youtube video I saw of the actual hack working, but I won't put aside that something like this actually does exist.

[Dark_Fuzzy]

4 minutes ago, Supermangik said:

It's been done. There's an actual demonstration of the modified mouse on Youtube and with one click of a button it aim assists you for CS:GO.

Link?

Again assuming you could even find (or somehow manage to modify) a mouse with enough memory it would still have to install the files.

So other than it being a really sneaky way to move files it works the same way anything else does.

[c00face]

7 minutes ago, Dark_Fuzzy said:

Link?

Again assuming you could even find (or somehow manage to modify) a mouse with enough memory it would still have to install the files.

So other than it being a really sneaky way to move files it works the same way anything else does.

No hacking related links here.

 

But here's an article about peripherals being modified (although it didn't need to) and debugged. http://www.itnews.com.au/news/research-detects-dangerous-malware-hiding-in-peripherals-358265

 

https://www.csscorp.com/blogs/security-services/can-you-really-trust-your-peripherals

[vanished]

So basically this is like having a virus on a flash drive combined with auto play, except that Windows sees it as a perihperal and some how it is able to inject or execute code as a result.  I find this hard to believe, but if it is true, it's a vulnerability in Windows I would expect it to be patched soon.

[manikyath]

actually, this is the very reason the college i went to stopped allowing students to bring their own keyboards to exams.

(they use qwerty, the majority of local population prefers azerty, with an exceptionally large group of students preferring dvorak or colemak)

 

someone complained about this in one of the classes, and offcourse the teacher kinda got ridiculed until i mentioned the school's keyboard of preference has room for two hard drives without interfering with the typing mechanism itself.

 

as for the room inside a mouse.. its kind of a "the most ruthless criminals thing" since all you need to do is solder the chip out of a USB hub, solder a storage device to one of its outputs, and bodge it into the mouse's cable right before it plugs into the mouse pcb.

[c00face]

2 minutes ago, manikyath said:

actually, this is the very reason the college i went to stopped allowing students to bring their own keyboards to exams.

(they use qwerty, the majority of local population prefers azerty, with an exceptionally large group of students preverring dvorak or colemak)

 

someone complained about this in one of the classes, and offcourse the teacher kinda got ridiculed until i mentioned the school's keyboard of preference has room for two hard drives without interfering with the typing mechanism itself.

 

as for the room inside a mouse.. its kind of a "the most ruthless criminals thing" since all you need to do is solder the chip out of a USB hub, solder a storage device to one of its outputs, and bodge it into the mouse's cable right before it plugs into the mouse pcb.

Yea, too many people seem to disregard this issue, but beg to differ. I actually do believe this is a thing, and if peripherals were hacked/modified in 2013, what makes us think it's not a thing for 2016? If the aim assist mouse hacking video I saw was true, then there's no reason in my mind to say such a thing doesn't exist.

[manikyath]

1 minute ago, Supermangik said:

Yea, too many people seem to disregard this issue, but beg to differ. I actually do believe this is a thing, and if peripherals were hacked/modified in 2013, what makes us think it's not a thing for 2016? If the aim assist mouse hacking video I saw was true, then there's no reason in my mind to say such a thing doesn't exist.

the thing is the level at which the "cheat detection" works. afaik most modern shooters have a runtime level anti cheat detection, so the means of the hack coming in doesnt really matter, since the game itself will detect if it's being messed with, no matter the source.

 

in the end there's always gonna be some way, even if we force all players to use event-provided peripherals, had the entire place shut down from the internet, farraday cage the main stage, and let the players go trough a metal detector. someone will find a way, and they'll use it to win the event.

[vanished]

4 minutes ago, Supermangik said:

Yea, too many people seem to disregard this issue, but beg to differ. I actually do believe this is a thing, and if peripherals were hacked/modified in 2013, what makes us think it's not a thing for 2016? If the aim assist mouse hacking video I saw was true, then there's no reason in my mind to say such a thing doesn't exist.

I think the idea raised by @manikyath is completely feasible, but very different to what I was thinking.  Sure, you could easily hide a TB or two of storage in a mouse (they've got 200+ GB micro SD cards) but when plugged in, it would just show up no different than a usb flash drive, and thus would abide by all the same rules.  I was thinking you were describing some specialized device that when inserted showed up to windows as a mouse or peripheral of some kind but instead injected or executed code somehow.

[manikyath]

2 minutes ago, Ryan_Vickers said:

I think the idea raised by @manikyath is completely feasible, but very different to what I was thinking.  Sure, you could easily hide a TB or two of storage in a mouse (they've got 200+ GB micro SD cards) but when plugged in, it would just show up no different than a usb flash drive, and thus would abide by all the same rules.  I was thinking you were describing some specialized device that when inserted showed up to windows as a mouse or peripheral of some kind but instead injected or executed code somehow.

the thing is "the most ruthless criminal"

 

you have access to the USB bus, "unlimited" access even, if enough money and time is thrown at the problem i wouldnt be surprised if someone makes a mouse that captures the display trough USB, processes on-device, and points the mouse accordingly.

 

virusses that transfer trough usb sticks work on mere kilobytes, imagine what can be done with unlimited time, storage, and hardware access.

[c00face]

2 minutes ago, Ryan_Vickers said:

I think the idea raised by @manikyath is completely feasible, but very different to what I was thinking.  Sure, you could easily hide a TB or two of storage in a mouse (they've got 200+ GB micro SD cards) but when plugged in, it would just show up no different than a usb flash drive, and thus would abide by all the same rules.  I was thinking you were describing some specialized device that when inserted showed up to windows as a mouse or peripheral of some kind but instead injected or executed code somehow.

But if that was the case, it can be done also. In the article I posted, without any modification, a program called (insert name) was used to hack into the network card peripherals without any modification. That was done in 2013, so it's a more likely reason to assume something similar can be done with keyboard and mouse peripherals. I'm not saying it's highly feasible, but it isn't highly unlikely either. There is a Youtube video I watched, where the guy demonstrates the modified/hacking mouse and he claims he only used a software to reprogram his gaming mouse to get his aim assist.

[vanished]

2 minutes ago, manikyath said:

the thing is "the most ruthless criminal"

 

you have access to the USB bus, "unlimited" access even, if enough money and time is thrown at the problem i wouldnt be surprised if someone makes a mouse that captures the display trough USB, processes on-device, and points the mouse accordingly.

 

virusses that transfer trough usb sticks work on mere kilobytes, imagine what can be done with unlimited time, storage, and hardware access.

 

2 minutes ago, Supermangik said:

But if that was the case, it can be done also. In the article I posted, without any modification, a program called (insert name) was used to hack into the network card peripherals without any modification. That was done in 2013, so it's a more likely reason to assume something similar can be done with keyboard and mouse peripherals. I'm not saying it's highly feasible, but it isn't highly unlikely either. There is a Youtube video I watched, where the guy demonstrates the modified/hacking mouse and he claims he only used a software to reprogram his gaming mouse to get his aim assist.

 

Wait I think I'm getting lost here... are we talking about embedding an aimbot into the mouse, cheating on exams by bringing in lots of files, or hacking stuff just by plugging a thing in?  

[manikyath]

1 minute ago, Ryan_Vickers said:

Wait I think I'm getting lost here... are we talking about embedding an aimbot into the mouse, cheating on exams by bringing in lots of files, or hacking stuff just by plugging a thing in?  

we're kinda generally talking about the possibilities in general.

[mariushm]

You can make pass through usb devices.

 

For example, you could put inside the keyboard a data logger which would memorize everything typed and pass through to the operating system every key instantly, so nobody would even know they keylogger is there. It's invisible to the operating system, well in best case scenario you would see that the keyboard is no longer identified by the OS as "Logitech super duper keyboard model 500" or something like that, it will be shown as  "generic keyboard" or something to that effect. (with a lot more work, you can customize even the hardware ids and everything)

 

When hacker wants to retrieve the data, he could simply open notepad and type a specific password on the keyboard and the device inside the keyboard would detect that and start spewing out everything it recorded into the notepad document.

 

Just the same, the pass-through device could analyze the way you type and when it detects you didn't type for more than a few minutes it could assume you're not at the computer and it could start sending keys like  pressing Windows key, typing CMD in run box to open a command prompt, and then typing commands to download malware or make changes like opening ports into the firewall and pinging a remote host to let them know the way to the computer is open.

 

Just the same, when entering a key combination on the keyboard, the chip inside could disconnect the keyboard from usb and reconnect itself as a mass storage device allowing the person at the computer to transfer into the computer a few files (a virus, a downloader for bigger viruses, a remote login tool etc)

 

All of this can be done with $2 microcontroller chips and a soldering iron so yeah, it's quite possible.

 

[vanished]

3 minutes ago, manikyath said:

we're kinda generally talking about the possibilities in general.

Well I think there are huge possibilities for the first two things I listed, and actually don't care since A, there's not really anything you can do about that, and B, it's not a unique, new, or particularly concerning "problem".  Now, the last of the 3 things I listed would be a big issue, but like I said, I doubt that's a thing... at least for now.

[KuJoe]

This isn't anything new. There was a nice write-up from a security company who hacked a company by sending one of their system admins a free mouse, after he plugged it into his work computer the security company had full access to his system. If anybody can find the article it would be appreciated.

 

EDIT: It looks like the original write-up isn't available but here's an article: http://www.theregister.co.uk/2011/06/27/mission_impossible_mouse_attack/

Keep in mind this happened 5 years ago.

 

EDIT 2: Here's the full write-up: http://www.netragard.com/netragards-hacker-interface-device-hid

[manikyath]

1 minute ago, Ryan_Vickers said:

Well I think there are huge possibilities for the first two things I listed, and actually don't care since A, there's not really anything you can do about that, and B, it's not a unique, new, or particularly concerning "problem".  Now, the last of the 3 things I listed would be a big issue, but like I said, I doubt that's a thing... at least for now.

it comes down to how "economically viable" the whole party is.

 

engineering hardware for a "cheating mouse" is NOT worth it with the current price pool, it's a joke.

but as we see price pools increase, and the availability of "hardware hacks" spread, you suddenly jump to a place where professional cyclists have bikes with a 20 watt electric motor that is not visible without cutting open the bike.

[vanished]

3 minutes ago, KuJoe said:

This isn't anything new. There was a nice write-up from a security company who hacked a company by sending one of their system admins a free mouse, after he plugged it into his work computer the security company had full access to his system. If anybody can find the article it would be appreciated.

I would like to see that article too, since I see only three ways plugging something in would cause that.  Either it was like a mass storage device or something similar, and it "auto played" in which case it's just user error, or its taking advantage of some vulnerability in Windows by sending commands or something like that, in which case that should be patched by now.  Or, it's the elaborate thing @mariushm described where it sits waiting and then starts playing back macros like typing commands, etc. which is sneaky, but again, could be chalked up to user error, as there should be no way for a mouse to steal your password, and you should only ever leave your computer on the lock screen when not in use.

[KuJoe]

1 minute ago, Ryan_Vickers said:

I would like to see that article too, since I see only three ways plugging something in would cause that.  Either it was like a mass storage device or something similar, and it "auto played" in which case it's just user error, or its taking advantage of some vulnerability in Windows by sending commands or something like that, in which case that should be patched by now.  Or, it's the elaborate thing @mariushm described where it sits waiting and then starts playing back macros like typing commands, etc. which is sneaky, but again, could be chalked up to user error, as there should be no way for a mouse to steal your password, and you should only ever leave your computer on the lock screen when not in use.

I updated my post with 2 links, the 2nd is the most informative one.

[vanished]

8 minutes ago, KuJoe said:

I updated my post with 2 links, the 2nd is the most informative one.

Ah, so it did act as a typing macro device that launched stored viruses (is my understanding).