Penetration Testing mailing list archives
Re: USB delivered attacks
From: "Balaji Prasad" <bp1974 () comcast net>
Date: Mon, 31 May 2004 15:09:01 -0700
USB by design is meant to autodetect and autorun. I think the security is compromised when you connect untrusted devices to your computer. I can think of at least 1 service (terminal services) that allows you to run processes with the screen locked. I presume "autorun" will work under a locked screen.

A more generic solution would be to have all removable storage devices mounted as "non-executable". It is trivially done in Unix. Not sure how to do this in Windows.

----- Original Message -----
From: "Jerry Shenk" <jshenk () decommunications com>
To: <pen-test () securityfocus com>
Sent: Thursday, May 27, 2004 7:06 PM
Subject: USB delivered attacks
I recently inserted some guy's USB drive into a machine and was a bit surprised when it went into an auto-run sequence. I think turning off auto-run is a REALLY good idea. On a USB drive, it seems like it could be really dangerous. Has anybody messed with this?

One possible scenario:
- Have a USB drive with a few tools on it.
- Have an auto-run configured to run pwdump and dump the SAM to the USB drive

It seems that this attack would work with a machine that was locked from the console. Does 'autorun' still work under a locked screen? With this USB drive being writeable, it would seem that some scripted attack to extract information from a machine could be amazingly fruitful... the possibilities are almost endless.
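The reply above suggests mounting all removable storage as non-executable on Unix. The following is an added example, not part of either message: a shell audit that flags removable-media mounts still permitting execution. The mount-point prefixes (/media, /mnt, /run/media), device names and sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: removable media is mounted
# under /media, /mnt or /run/media. A hardened mount looks like:
#   mount -o noexec,nosuid,nodev /dev/sdb1 /media/usb0   (device name constructed)

# Reads /proc/mounts-format lines (device mountpoint fstype options dump pass)
# on stdin; prints "<mountpoint> missing:<options>" for each removable mount
# lacking noexec, nosuid or nodev. Exit status is 1 if any mount was flagged.
audit_removable_mounts() {
    awk '
    $2 ~ /^\/(media|mnt|run\/media)(\/|$)/ {
        split("", have)                      # portable way to clear the array
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) have[opts[i]] = 1
        missing = ""
        if (!("noexec" in have)) missing = missing ",noexec"
        if (!("nosuid" in have)) missing = missing ",nosuid"
        if (!("nodev"  in have)) missing = missing ",nodev"
        if (missing != "") { print $2 " missing:" substr(missing, 2); bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample mount table (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /media/usb0 vfat rw,nosuid,nodev,relatime 0 0
/dev/sdc1 /media/usb1 vfat rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdd1 /mnt/stick vfat rw,relatime 0 0
EOF
}

# Stand-alone run over the constructed sample; "|| true" keeps the script's
# own exit status clean even though findings are reported.
sample_mounts | audit_removable_mounts || true
```

On a live Linux system the same function can be fed the kernel's mount table with `audit_removable_mounts < /proc/mounts`.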