Spyduino: Arduino as a HID Exploiting the BadUSB Vulnerability

Karystinos, Evangelos; Andreatos, Antonios; Douligeris, Christos

doi:10.1109/dcoss.2019.00066

Cited by 6 publications

(5 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, an attacker can program a microcontroller so that when it connects, it opens a command prompt, enters, and executes a PowerShell command that will load the image and launch the virus. Such a device can be disguised as a flash drive, keyboard, or other peripheral equipment [13].…”

Section: Methods Of Overcoming Protection Using Vulnerabilities In Bmp Image File Formatmentioning

confidence: 99%

A Method for Identifying and Countering HID Attacks - Virus Detection in BMP Images

Rostyslav¹

2020

IJETER

View full text Add to dashboard Cite

The aim of the article -develop a method for protecting modern systems from attacks using BMP image files and HID attacks. This article describes the features of BMP format images. The method of injecting computer viruses in BMP image and attacks in order to overcome the means of protection. The article suggests methods for detecting viruses in BMP image files and counteracting HID attacks. Developed programs demonstrate the effectiveness of protection against the considered attacks

show abstract

Section: Methods Of Overcoming Protection Using Vulnerabilities In Bmp Image File Formatmentioning

confidence: 99%

A Method for Identifying and Countering HID Attacks - Virus Detection in BMP Images

Rostyslav¹

2020

IJETER

View full text Add to dashboard Cite

show abstract

“…Other examples in this category are the USB Rubber Ducky [13], which poses as a benign USB thumb drive that can exfiltrate data from the victim host. Finally, Evilduino [14], USBdriveby [15], and Spyduino [16] are additional examples that are based on Arduino microcontrollers. On the surface, an O.MG cable appears to be a simple USB cable (left) (Image from [17]); however, such devices have a malicious microcontroller embedded at the connector side (right) (Image from [18]).…”

Section: Usb Attacksmentioning

confidence: 99%

To (US)Be or Not to (US)Be: Discovering Malicious USB Peripherals through Neural Network-Driven Power Analysis

Koffi,

Smiliotopoulos,

Kolias

et al. 2024

Electronics

View full text Add to dashboard Cite

Nowadays, The Universal Serial Bus (USB) is one of the most adopted communication standards. However, the ubiquity of this technology has attracted the interest of attackers. This situation is alarming, considering that the USB protocol has penetrated even into critical infrastructures. Unfortunately, the majority of the contemporary security detection and prevention mechanisms against USB-specific attacks work at the application layer of the USB protocol stack and, therefore, can only provide partial protection, assuming that the host is not itself compromised. Toward this end, we propose a USB authentication system designed to identify (and possibly block) heterogeneous USB-based attacks directly from the physical layer. Empirical observations demonstrate that any extraneous/malicious activity initiated by malicious/compromised USB peripherals tends to consume additional electrical power. Driven by this observation, our proposed solution is based on the analysis of the USB power consumption patterns. Valuable power readings can easily be obtained directly by the power lines of the USB connector with low-cost, off-the-shelf equipment. Our experiments demonstrate the ability to effectively distinguish benign from malicious USB devices, as well as USB peripherals from each other, relying on the power side channel. At the core of our analysis lies an Autoencoder model that handles the feature extraction process; this process is paired with a long short-term memory (LSTM) and a convolutional neural network (CNN) model for detecting malicious peripherals. We meticulously evaluated the effectiveness of our approach and compared its effectiveness against various other shallow machine learning (ML) methods. The results indicate that the proposed scheme can identify USB devices as benign or malicious/counterfeit with a perfect F1-score.

show abstract

“…Often, keystrokes injection based on BadUSB is used to drop malware on the victim's machine [28]. A terminal window is opened by emulating a corresponding keyboard shortcut.…”

Section: Cpu Interrupt Service Routinementioning

confidence: 99%

“…BadUSB devices are applied to drop and install malware on the victim's machine by mimicking keystrokes [28]. The Phantom Malware applies User Imitating to conceal the execution of all its malicious actions.…”

Section: ) Badusb Devices Based On Keystroke Injectionmentioning

confidence: 99%

Phantom Malware: Conceal Malicious Actions From Malware Detection Techniques by Imitating User Activity

Witte

2020

IEEE Access

View full text Add to dashboard Cite

State of the art malware detection techniques only consider the interaction of programs with the operating system's API (system calls) for malware classification. This paper demonstrates that techniques like these are insufficient. A point that is overlooked by the currently existing techniques is presented in this paper: Malware is able to interact with windows providing the corresponding functionality in order to execute the desired action by mimicking user activity. In other words, harmful actions will be masked as simulated user actions. To start with, the article introduces User Imitating techniques for concealing malicious commands of the malware as impersonated user activity. Thereafter, the concept of Phantom Malware will be presented: This malware is constantly applying User Imitating to execute each of its malicious actions. A Phantom Ransomware (ransomware employs the User Imitating for every of its malicious actions) is implemented in C++ for testing anti-virus programs in Windows 10. Software of various manufacturers are applied for testing purposes. All of them failed without exception. This paper analyzes the reasons why these products failed and further, presents measures that have been developed against Phantom Malware based on the test results.

show abstract

Spyduino: Arduino as a HID Exploiting the BadUSB Vulnerability

Cited by 6 publications

References 3 publications

A Method for Identifying and Countering HID Attacks - Virus Detection in BMP Images

A Method for Identifying and Countering HID Attacks - Virus Detection in BMP Images

To (US)Be or Not to (US)Be: Discovering Malicious USB Peripherals through Neural Network-Driven Power Analysis

Phantom Malware: Conceal Malicious Actions From Malware Detection Techniques by Imitating User Activity

Contact Info

Product

Resources

About