Mouse gnaws away at security
When security specialists Netragard were asked to test a client's network resistance to attacks, they were set a tough challenge. They were not allowed any physical access to the system they were testing and, for the purpose of this test, social engineering techniques were ruled out. Could they crack the defences?
Penetrating the well-defended system meant they had to bypass the firewall somehow to install software which would open a back door to the network. Getting someone to visit an infected website wouldn't be enough as the system was too well protected by the firewall to allow its machines to download software over the web. One solution might have been to send a whole load of USB Memory Sticks to people in the organisation, each stick preloaded with autorun code. It would only need one recipient to plug in a stick and that would be enough to install the back door code and penetrate the system. But the client also had thought of this and had strict security policies which prevented the use of USB drives.
Netragard solved the problem using a mouse. The Chief Technology Officer, Adriel Desautels, bought a Logitech USB Mouse from a store, then carefully dismantled it and added a flash drive and powerful micro-controller to the innards. When reassembled, it still looked like the genuine article, and when it was plugged into a USB port, it identified itself as a plain old mouse to Windows. But the additional hardware meant that when certain conditions were met it could also behave like a USB keyboard and quietly type a series of keystrokes to install software and compromise the host system.
Next, Netragard bought a readily available list of names and job titles of people working at the client's company, picked out a promising-looking staff member, and mailed him the mouse in its original packaging along with some cover materials as if it was part of a promotional event. The attack worked perfectly. Three days after the mouse was delivered, someone inside the organisation connected it to a computer and the mouse contacted Netragard to let them know it had penetrated the system.
This study shows how even a very well protected system is vulnerable, even when you think you've locked out flash drives and CD drives. Most systems don't have anything like that level of protection and many are vulnerable to autorun software on CDs and memory sticks. Do your staff ever plug untrusted memory sticks into USB ports? A recent study in the US by the Department of Homeland Security found that of the government staff who had found a CD or a memory stick in the parking lot, 60% of them had plugged that foreign object into their computers to see what it contained.
29th July 2011
This article comes from the SKILLZONE email newsletter, published monthly since January 2008, and covering topics related to technology and the internet. All articles and artwork in the SKILLZONE newsletter are orignal content.