Author Topic: Install a keyboard or a mouse, get 0wned... (Read 2359 times)

TacticalCoder · « **on:** Tue, 28 June 2011, 07:05:02 »

Quite a cool security hack here: by apparently using a Teensy controller hidden in a regular mouse (and sending the mouse as if it was a promotional gift to some employee) that then sent commands as if it was a keyboard, Windows machine got "admin'ed".

The article says it can works against any OS but I'm not really sure that it can find a way to escalate privileges on a correctly configured system (one where the regular user accounts do not have admin/root rights).

Still it's pretty scary: imagine someone putting this inside a highly-thought after mechanical keyboard, buy a keyboard on eBay with this thing hidden inside, plug it to your Windows system and goodbye, you've been 0wned (the things evades AV window warnings etc.) ; )

http://www.theregister.co.uk/2011/06/27/mission_impossible_mouse_attack

The picture of the mouse's guts looks pretty cool!

redpill · « **Reply #1 on:** Tue, 28 June 2011, 10:10:55 »

Wow, that's clever. Like something you'd see in a Bourne movie or something.

IvanIvanovich · « **Reply #2 on:** Tue, 28 June 2011, 11:38:42 »

Even if it did require privilege escalation, all that would need is the standard admin rights dialog asking for permission for mouse_driver.exe. I bet 90% of regular non-techy users would ok it. They just plugged in a new device, it might need a driver. After all they are the same people that ok anti-virus 2010 to be installed from virus sites on the internet.

redpill · « **Reply #3 on:** Tue, 28 June 2011, 14:09:20 »

So if a shady looking fellow in the alley outside your office building opens his trench coat and offers to sell you a nice mouse for cheap, say NO!

HaveANiceDay · « **Reply #4 on:** Tue, 28 June 2011, 15:18:14 »

Quote from: redpill;369548

So if a shady looking fellow in the alley outside your office building opens his trench coat and offers to sell you a nice mouse for cheap, say NO!

I'll just laugh at his small penis.

kps · « **Reply #5 on:** Tue, 28 June 2011, 15:35:37 »

Quote from: TacticalCoder;369361

The article says it can works against any OS but I'm not really sure that it can find a way to escalate privileges on a correctly configured system

Quote from: lysol;369468

Even if it did require privilege escalation, all that would need is the standard admin rights dialog asking for permission for mouse_driver.exe.

I think you missed the parts about "any OS" and "correctly configured". :caked:

Sending me a hacked mouse would do no good — it won't know my passwords. You'll need to send me a hacked KVM, with DVI support, please.

IvanIvanovich · « **Reply #6 on:** Tue, 28 June 2011, 17:29:09 »

I forget how to read sometimes.

News:

Author Topic: Install a keyboard or a mouse, get 0wned... (Read 2359 times)