What have I got here? An ordinary
cable to charge my device? A dongle for connecting to Ethernet?
A nice innocent looking thumbdrive?
Actually, they might be malicious
tools that can hack your computer.
I just got back from DefCon, an awesome hacker
conference where you can learn how to pick locks, intercept internet packets to steal passwords,
hack IoT devices, and wardrive to collect all kinds of signals coming off all kinds of devices.
Or maybe you just want to make blanket forts or hire a violinist to walk around with you and
create a soundtrack to your conference experience. You can do that at DefCon too.
But one of the things that I dove into at this year’s conference was tools
that look like everyday devices, but actually hide something more sinister.
You may have something like this or
something like this laying around and not really realize that it might actually
be a nefarious computer itself.
Darren Kitchen is the founder of Hak5, a
company that makes all kinds of awesome gear to help people understand their
own digital vulnerabilities.
They are quite scary, uh, if you're not
familiar with cybersecurity.
In this video we’ll explore 10 hacking tools
they offer that you need to know about.
We’ll also look at how to tell if a
piece of hardware can be trusted, and
we’ll teach you how to protect yourself.
Just a reminder that Hak5 didn’t sponsor this episode, we actually don’t do show sponsors, we
thought that this was just really interesting equipment that people should be aware
of, so that they can better protect themselves in the digital world.
Let’s get started with the famous USB Rubber Ducky.
You may recognize it from various TV shows and movies.
A rubber ducky.
It looks to you and I like a flash drive;
to a computer, it looks like a keyboard, and computers inherently trust keyboards. You
can plug this into the computer and it'll execute keystrokes that you can pre-program.
It would bypass all standard countermeasures by emulating a plug-in keyboard.
It’s a great reason to not go plugging random thumb drives into your
computer, because they could be executing all kinds of malicious code.
Next, the O.MG cable: a Lightning connection on one end that you’d plug into
your iPhone, and USB on the other.
It looks and feels just like one that you
may have, uh, but it's malicious.
While it’s indistinguishable from a normal cable,
the big difference of course is that this one
has a computer inside of it with a wifi access
point that you can control from your phone or anywhere in the world and do malicious things
with the computer that it's attached to.
You can connect to them from
your phone or laptop.
You can use that to trigger payloads.
Number 3, the LAN Turtle.
A simple USB Ethernet adapter,
but happens to have a little computer inside that
provides an attacker with remote access into this device and thus remote access into your network.
A, uh, attacker can plant this on a computer and have persistent remote access into
that machine and also watch all of the data that's going in between, and maybe even
tweak some of the data. So it's like, oh, the computer's trying to go to this website.
Well, let's send 'em to that website instead.
Number 4, we have the adorable Bash Bunny.
This right here does similar USB attacks to the USB Rubber Ducky except way more advanced. It does
multi-vector. So this can actually enumerate on the computer as not only, uh, a keyboard, uh, but
also storage, serial and Ethernet for Windows and Mac. So you can do, uh, attacks that are what
we call, bring your own network. The idea is I can carry multiple payloads on this. I can flip
the switch right before I go up to my target, plug it in and it'll execute keystrokes, it'll
show up as a network device, the computer is gonna trust the network and say, oh great.
Can I get on your network, a network of two, just the computer and this, and then you can
perform a bunch of network attacks. It's actually a quad core Linux machine in here that
also has geofencing with Bluetooth. So you can set it up so you can trigger it remotely.
You can do what's called exfiltration, which is a very fancy term for really an
involuntary backup, you might wanna call it. It's important to back up your data and a
hacker might for you, <laugh> for you. That's very kind. So with this device, there's numerous
techniques to get information out of the computer and then save it to the SD card.
Number 5, the Key Croc.
This is a very smart keylogger. So unlike a
normal keylogger that you just plug in line between the computer and the keyboard, that's just
gonna record keystrokes. This will do that, but it'll also stream them on the internet
to your own server and allow you to inject your own keystrokes. So you can remotely control
the computer from afar injecting keystrokes at will. This is just a discreet little adapter
that can plug in behind the computer.
Number 6:
It's called the Screen Crab and it gets screen grabs. It's got HDMI in and
HDMI out, uh, powers over USB. And you can plug it in, say behind the television, it will record
the images to a micro SD card. And then it'll also stream it over the web, allowing you to see what's
happening in real time and it's self hosted.
Which means that no one else gets access to
the data you’re collecting, it’s just you.
Number 7, the Shark Jack.
This allows you to jack into a network. It looks
like a little flash drive with a dongle here, but it's actually for Ethernet. So you plug this
into a network, flip the switch into attack mode and plug this into your laptop or your phone. And
what will happen is this will boot it up. It's a little Linux box with a bunch of pen testing
tools, and it will automatically do reconnaissance on the network. So you can see what's happening
live and get live actionable reports. There are Ethernet jacks all over the conference center
and the hotels, uh, that are unattended. And it would take just moments to take one of these,
flip the switch (the battery powered one makes it even easier), plug it into the network. And the
light will change color depending on what you've programmed it to do, what kind of actions.
Remember, all of these tools are double-edged swords that can also be used to help
people troubleshoot problems.
They could just give it to unskilled
people and say, Hey, just plug these in. And if the light turns red mark down
where that was and we'll remediate.
Finally we have 2 high-powered tools that you’re
not going to mistakenly plug in, but your computer might mistakenly connect to them via wifi.
Number 8 is the WiFi Pineapple.
The WiFi Pineapple is a rogue access point. You
might wanna call it a, uh, a hotspot honey pot.
Your phone, your tablet, your laptop probably
remembers every wifi network it has ever joined in the past and is constantly looking for those
networks. It's the reason why when you go home, your devices automatically
connect to your home network.
So how does your phone see if one of your
remembered networks is nearby so that it can automatically connect?
Your phone is sending out what's called a probe request.
And that’s where your phone is basically shouting out “I’m looking for
Naomi Brockwell’s home wifi network”.
It shouts out something similar for every network
you’ve ever remembered in the past, and it does this at all times as long as your wifi is on.
What the WiFi Pineapple does is listens for all these names of networks and then spoofs them.
It would respond back and say, oh yeah, that that's me. That's me. You should
connect with me. I'm that network.
And your phone will then automatically
connect to the WiFi Pineapple.
When clients' devices connect to the WiFi
Pineapple, and it'll provide them with internet access, you as the operator get to do what we call
a man-in-the-middle attack: you get to see what's going on in between, and you can manipulate the
traffic. You can also use this to perform a lot of wifi attacks where you can kick devices off
networks. And there's a lot of, um, modules that allow you to kind of inspect the data and
see what's going on, uh, with kind of what websites people are visiting.
You will also glean a lot of interesting information just by seeing the names of all the
networks someone’s phone is calling for:
If their device is looking for certain hotel
networks and certain, uh, airline networks and certain corporate wifi networks, and maybe
some other corporation guest wifi networks, you can determine who they fly with,
um, you know, who they work with, who that company might also be partnering with or
potentially partnering with and working with based on those guest, uh, wifi, uh, networks.
Number 9 is a superpowered version of this device.
This is the WiFi Pineapple Enterprise. This is, uh, that except, uh, with so much more
horsepower made for, uh, very large and busy wifi environments, kind of like the very hostile
network environment we're in here at DEFCON. Our WiFi Pineapple software has a lot of
features that allow you to find what are the vulnerable devices in my environment.
And finally there’s the WiFi Coconut, a brand new device that is like
the Pineapple but on steroids.
Wifi uses the 2.4 gigahertz and 5 gigahertz
frequencies, but there aren’t just 2 channels to monitor for wifi signals.
There are 14 2.4 gigahertz channels. A normal radio can only listen
to one channel at a time.
It would listen on channel one. And then it
would hop over to channel two and listen on that. And while it's on each channel listening,
it's ignoring 13 other channels.
So you were never able to get an entire big
picture of all of the channels of the 2.4 gigahertz simultaneously.
The WiFi Coconut monitors all of the 2.4 gigahertz channels. This is
constantly listening to all of them.
Channels one through 11 are, are used in
the United States, channel 12 and 13 are only supposed to be used in Europe. And channel 14
is, uh, only supposed to be used in Japan.
Why are only one through 11 meant
to be used in the United States?
There's this thing called the ISM band,
Industrial, Scientific, and Medical Band that the FCC way back in the day, uh, be made,
but they gave it to the general public to use that spectrum. And there were a few caveats to it
about the way that they could use the spectrum, the, uh, modulations and the power and the
different channels. Uh, and that's a long-winded way to say that in the United States, we
use one through 11 and in the rest of the world, they use one through 13 and in Japan,
they get to be special and use 14.
And you can see here that the WiFi Coconut is
seeing a lot of traffic on all of these channels.
If you watch this for a while, you'll actually see
a little bit of traffic on the Japanese channel, because I feel like there might be some
non-law abiding hackers in the area.
So now the most important part of the video,
how can we protect ourselves?
Starting with the Pineapple and Coconut:
The takeaway is to absolutely turn wifi off when you’re not using it, lest you accidentally
connect to one of these traps instead of a real wifi network. You should also forget all wifi
networks after you disconnect from them, and you should not allow your phone to automatically
connect to any wifi network. It will be annoying, because you’ll have to click a button when
you return home instead of having your device automatically connect, but to leave it open is
a huge privacy and security vulnerability.
Next, there are tools that can actually tell us
whether a cable is malicious or not.
This is a, um, malicious cable detector.
And the way that it works is I'll take this normal benign cable and plug it in. And the
light doesn't light up. But if I take this cable, which I know is malicious, and it goes red and
lets us know that there's data being transferred through here. And it really shouldn't. This works
against a lot of, uh, illegitimate cables that you may find running around the internet.
This provides data blocking. Not only is it gonna detect that it's malicious, but it's gonna prevent
your computer from, uh, getting hacked.
Final piece of advice: you should be careful
which devices you plug into your computer.
Don't be afraid of this, but be mindful of it,
know that it's out there, know it exists.
If you’re charging a device for
example, only use your own cables.
Maybe you don't, uh, pick up a
cable that you find on the floor, or if you find a, a USB drive in the parking
lot that has something enticing written on it, like salaries or something, maybe think twice
before plugging it into your computer.
Accepting electronics from strangers, even
things that look as benign as a cable, is kind of like taking candy from strangers.
You probably shouldn’t do it.
Tools like this may seem scary, but they show
us where the vulnerabilities are in our systems so that we can fix them.
It's a good thing to have these things that, uh, break stuff.
So go forth, and be a little more mindful of seemingly innocent hardware around
you. One day it might just save your device.