Plug and Prey: Malicious USB Devices

We are a lot of talking about software security issues and forgot about hardware security. The malicious usb devices are very easy and quickly installable and hardly recognizable. Some hardware key loggers so simple that can’t be recognized by any software. Best solution to found those malicious dongles is physically observe.

Most usb malicious devices can be categorized in 3 categories: it is a usb mass storage devices containing malicious software, hardware key loggers, that without user mention can capture all keyboard keys and save in own flash memory. Some hardware key loggers have wireless access and attacker can take data from distance. And third category is programmable HID USB keyboard dongle devices that can simulate keyboard and mouse and run commands directly to computer. In most cases hackers using those devices to create user in system or leave backdoor for further exploration.

I think this is very useful for systems administrator to deny that system automatically installs any usb devices. It will prevent from spreading malware and also is good option to prevent workers from stealing commercial data.

The complete article can be found here…

This entry was posted in IT Security, Week 14. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s