geekhack
geekhack Community => Other Geeky Stuff => Topic started by: TacticalCoder on Tue, 28 June 2011, 07:05:02
-
Quite a cool security hack here: by apparently using a Teensy controller hidden in a regular mouse (and sending the mouse as if it was a promotional gift to some employee) that then sent commands as if it was a keyboard, Windows machine got "admin'ed".
The article says it can works against any OS but I'm not really sure that it can find a way to escalate privileges on a correctly configured system (one where the regular user accounts do not have admin/root rights).
Still it's pretty scary: imagine someone putting this inside a highly-thought after mechanical keyboard, buy a keyboard on eBay with this thing hidden inside, plug it to your Windows system and goodbye, you've been 0wned (the things evades AV window warnings etc.) ; )
http://www.theregister.co.uk/2011/06/27/mission_impossible_mouse_attack (http://www.theregister.co.uk/2011/06/27/mission_impossible_mouse_attack)
The picture of the mouse's guts looks pretty cool!
-
Wow, that's clever. Like something you'd see in a Bourne movie or something.
-
Even if it did require privilege escalation, all that would need is the standard admin rights dialog asking for permission for mouse_driver.exe. I bet 90% of regular non-techy users would ok it. They just plugged in a new device, it might need a driver. After all they are the same people that ok anti-virus 2010 to be installed from virus sites on the internet.
-
So if a shady looking fellow in the alley outside your office building opens his trench coat and offers to sell you a nice mouse for cheap, say NO!
-
So if a shady looking fellow in the alley outside your office building opens his trench coat and offers to sell you a nice mouse for cheap, say NO!
I'll just laugh at his small penis.
-
The article says it can works against any OS but I'm not really sure that it can find a way to escalate privileges on a correctly configured system
Even if it did require privilege escalation, all that would need is the standard admin rights dialog asking for permission for mouse_driver.exe.
I think you missed the parts about "any OS" and "correctly configured". :caked:
Sending me a hacked mouse would do no good — it won't know my passwords. You'll need to send me a hacked KVM, with DVI support, please.
-
I forget how to read sometimes.
(http://ez37.files.wordpress.com/2010/08/illiterate.jpg)