How a DRONE can hack your computer in seconds | Real Experiment

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

foreign [Music] goal is to hack the computer behind the window okay this is an imaginary window we like Lars lontria let's pause here and zoom in we can see that the Drone has a hacking device on it now let's get into the details how is all this going to hack the computer oh gear was created by the sum sub-verification platform but more about some stuff in a bit first let's figure out why drones are needed for this hack in the first place drones can quickly go where people cannot say those are well secured perimeter a drone can pass through any of the defenses meant to keep people out it can fly up to any floor of a building quickly and often without detection drones are small so they can even fly into an open window and wreak havoc on computer systems in the blink of an eye but what kind of Wireless technology would enable a drone to do so much damage without running out of battery well there are some zero click attacks which take just a few seconds this means that the Drone won't need to pause its flight the attack can be performed on the go there's one well-known extremely widespread vulnerability built into hundreds of thousands of Wireless mouses and keyboards that can be taken advantage of in just one to two seconds with maximum effect giving hackers wireless access to a PC and it's called Mouse Jack imagine you're sitting at home or working at an office on one of the top floors of a building or deep inside some highly secure facility a few hundred meters away from a checkpoint you'd think you're completely safe from hackers yet here comes a drone hovering just outside your window you might notice it or you might not either way the Drone will install malware onto your computer in just seconds you're unlikely to notice any changes to your computer and even if you see that backdoor installer that comes up for a second you're probably not going to think that it has anything to do with the Drone that just flew by and if you're not at home and instead say at some office building then the hacker can find their way into the internal Network just a few minutes after a successful attack the bad guys can test several different exploits on the main servers of your company it's quite likely that your company's internal infrastructure will be compromised before the security team can even get their eyes on the breach the attack seems like something out of a hacking themed movie or video game where the Drone completes the attack in just seconds the vulnerability here is that there's a large number of wireless adapters but things like mouses and keyboards and they use a separate radio channel that doesn't check the sources of the signals that come its way unlike Bluetooth these devices aren't standardized producers on the wireless Market don't always develop their own devices and instead use various chips and the vulnerability here is a chip called nrf24l which has an unsafe wireless radio interface the chip turns out to be highly popular and is used by a lot of producers including Dell Logitech Microsoft HP Amazon gigabytes and Lenovo and it's really difficult to pin down exactly how many devices use this chip this list contains just a few of the devices that have this vulnerability physically what happens is the radio channel on the nrf24l chip uses the same frequency as Bluetooth and Wi-Fi but uses only 83 frequencies that are one megahertz in width which therefore covers everything between 2400 and 2483 megahertz what happens on a software level is that every wireless device has its own Mac address all these devices work in a star or bespoke Hub Network there are some devices like a mouse or keyboard in this network the nodes and there's a USB adapter in the middle which is like a central switch this way each device is connected directly to the switch however they are not connected to each other so the switch is the server and the devices are the clients therefore the clients or devices send information about things like movements of the cursor or keyboard inputs and the USB adapter tells them whether the signal was received this essentially creates a one-way Transmission in our case the adapter is connected to a mouse and keyboard for a real world attack the hacker needs to figure out and Forge the needed radio signal the adapter doesn't broadcast any signal packs even if they've just been connected and therefore it's impossible to determine if there aren't any working mouses or keyboards every device widely transmits signal packages to the network with a unique Mac address the adapters only pick up signals from their own sub networks the attack doesn't Target the MAC address of the adapter but instead those of the connected devices so for the attack to work there needs to be a mouse or keyboard connected in reality the vulnerability isn't quite the mouse or the keyboard themselves but rather their wireless adapters picking up the signal from a connected mouse or keyboard which contains the MAC address backers can forge the signal using the intercepted Mac address as the source a vulnerable wireless adapter won't be able to tell the Hacker's signal apart from a legit signal and will enable the keyboard inputs sent over the compromised radio signal it's worth noting an interesting and dangerous fact an adapter from a wireless mouse can pick up wireless keyboard inputs the OS in a mouse and keyboard use related hid devices the attack works by forging wireless mouse or keyboard signals to send inputs to the victim computer which if executed give hackers access to that computer in fact these exact keyboard inputs can be executed at an extremely high rate of speed 1 000 inputs per minute however through a successful attack about 40 to 50 inputs is enough in other words all that's needed is a few seconds obviously mousetrack isn't the only scheme being used for account takeover hi I'm Lucas from Samsung and as we've seen fraudsters are growing at an exponential rate in their ability and techniques and sophistication to steal your personal information and break into your accounts this is due in part to the rise of AI and now essentially anyone can become a hacker with the use of these tools and systems that's why it's so necessary to have a robust anti-fraud solution to protect both your business and the reputation of your business our solution combines several Technologies to provide a holistic compliance solution this could be anything from our transaction monitoring email phone verification anti-fraud and pixel analysis Technologies to find out more just click the link below to get in contact with the thumb sub representative and we'll be able to help you leverage our system to protect your business in the future thank you very much [Music] to forge a radio signal hackers need a device containing an nrf24l chip for example this could be the Logitech u-0007 Universal USB adapter however this adapter Works in a very narrow radius of about one to two meters there are some other devices including the crazy radio PA USB adapter which is used as the controller for the crazy file indoor drone this device can amplify the signal increasing the radius of attack by up to 10 to 15 meters however what can be done if the target is two to three floors above ground or deep inside a guarded perimeter that's where the Drone comes into play modern drones have enough power to carry things like GoPros or higher capacity batteries and typically this is enough to carry a third or even half of the drone's own weight in this case the Drone needs to carry a couple of devices to make the attack happen the crazy radio PA and its antenna weigh just 12 grams the second component can be a mini Raspberry Pi zero which weighs just 10 grams a battery is also needed for instance any 3.7 volt battery should do most single ball computers can be powered by a 5 Volt or 3.3 volt no special devices are needed to do this the battery can be connected directly to the Raspberry Pi using contacts 1 and 9 gpio if 5 volts is used a DC to DC mt3608 high voltage computer board is needed which needs to be connected through contacts 2 and 9 to gpio however it'll take some work to solder the converter here [Music] the battery can be charged through a soldered micro USB for more convenience and better visualization of the attack LED indicators can be used instead of a screen display which takes up too much battery power and adds extra weight most single board computers use gpio pins which use low voltage just enough to power LEDs so to turn an LED that's connected to say pin 26 on or off the following OS commands need to be executed on the computer board in total a 5 volt setup would weigh just 61 grams basically any drone can handle this kind of weight it's not that important which exact drone is used since all it needs to do here is transport the device a sinner whoop with a protective frame around the propellers could work [Music] since this attack requires a lot of flying in close quarters a precise controller is a must which makes fpv drones appropriate here however the most important element here is drone flying skills foreign radio PA board is not able to work in the attack mode before upgrading after upgrading the adapter can be used to send keyboard inputs to work with the upgraded adapter a small python script can be used since the attacker doesn't know the Mac addresses of the targets they have to attack what comes up on the broadcast which is why the autopone flag is used to visualize the attack using LEDs we'll slightly modify the jacket script [Music] where the LED is the executed script with the following [Music] now the green LED shows that the script began its attack and the Drone can fly to its Target the yellow LED will light up when devices are being searched for and the red LED will light up when a device is being attacked the attack is dangerous due to the ability to transmit malicious inputs but which command does that hacker use to get wireless access the hacker needs a very brief command that's already built into the victim OS which can download and activate a backdoor program in one go it's important to note a radio channel is used which means that there can be interference so the longer the command the greater the chance that certain inputs don't get through and all it takes is One Missed input for the entire commands to go unrecognized in order to download and open the file that enables remote control the hacker uses a command rather than a graphical user interface for Windows the command is msie xec and here's how a short attack sketch could look like nowadays any OS can work with a wireless mouse or keyboard which means that the commanded attack has cross-platform functionality giving it the ability to Target any OS let's look at Windows MSI is an executable files format generally used for installation it can be generated using the popular hacker framework Metasploit after the command is executed on the victim PC the hacker gets access to the OS control panel on their server This Server can be anonymous and paid for in crypto which means the hacker doesn't leave a trace then the hacker can do whatever they want to demonstrate let's remotely turn off the victim computer but this harmless command is just the tip of the iceberg this same method can be used to access any of the victim's files and if a hacker gets access to a corporate PC they can end up getting access to what's on the internal Network and in turn steel or even destroy it for instance here's how the hacker executes proxies and opens VPN tunnels in the corporate Network through the victim's computer [Music] attacks targeting Wireless hid devices mouses and keyboards are perhaps the most entertaining and dangerous of our time enabling access to a victim's computer in just seconds since these attacks use radio channels and remote commands there's no need to guess passwords or anything like that its rce right off the bat [Music] foreign Ty that's hiding in plain sight it's an excellent example of how you and your company can easily fall victim to a hack security analysis reveals that despite the fact that this vulnerability was found back in 2016. few people actually know about it and even those who know greatly underestimate it nevertheless this vulnerability can still be found even at big companies and given the operational specifics of this vulnerability it's bound to be around for a long time to come because after all we don't change our wireless keyboards and mouses as often as we do our phones to protect yourselves do the following check if your devices have this vulnerability we've added a link to a full list in the description if it does see if there are any updates for your mouse keyboard or USB adapter that get rid of the mouse Jack problem if there is no such update then we'd recommend changing your wireless mouse keyboard or USB Jack altogether in favor of one that doesn't have this vulnerability but even this doesn't guarantee 100 security since any wireless device can be hacked so ideally you'd want to switch back to the classic corded Mouse if of course going back in time doesn't scare you too much only wired devices can give you a 100 guarantee that you won't be hacked this way and this is worth thinking about if your computer actually has sensitive information on it which can be subject to an attack we at samsub hope that none of this can ever happen so watch our upcoming videos where we'll certainly touch on remote control attacks once again I'm will try our best to give you real world advice to keep you safe in the online jungle until next time foreign

Info

Channel: Sumsub

Views: 424,446

Rating: undefined out of 5

Keywords: Hacking, how to hack, Mousejack, Mousejacking, fpv drone, drones, drone, kali linux raspberry pi, data security, ethical hacker, black hat hacker, white hat hacker, ethical hacking, technology, tech, computer, cybersecurity, infosec, info sec, information security, cybersec, hack, hacked, hackers

Id: kZTZfQfnOTQ

Channel Id: undefined

Length: 15min 34sec (934 seconds)

Published: Fri Apr 28 2023