USB drive-by HID attack – part 1 introduction

This series of posts is about keystroke injection tools disguised as generic USB memory sticks and in particular, the BadUSB Beetle, which cost under £10 and is based on an Arduino Leonardo chip.

They can be used to create easily repeatable demonstrations that illustrate why basic security precautions are so important. For example, they can be programmed to grab stored Wi-Fi credentials and send them to a Google email account within seconds of being plugged in. These demonstrations aim to be real-world examples (i.e. with AV and firewalls running on an up to date Windows 10 PC) and show how an attacker or pen tester might exploit a vulnerability or lapse in security.

Continue reading “USB drive-by HID attack – part 1 introduction”