The death of USB autorun and the rise of the USB keyboard

Back in 2010 Seth Fogie noted that certain car manufactures were sending out USB devices. These USB devices presented themselves as keyboards in order to inject key strokes into the computer to which they were attached.

Why a keyboard? Well in order to circumvent security controls designed to stop the automatic execution of anything potentially malicious from untrusted USB sticks they had to be a little ingenious and no longer rely on a program running or user interaction.

So instead these devices inject key sequences as if the user typing in order to cause the browser to load and visit a particular website.

Fast forward a few years and it now seems that this approach is becoming ever more common as operating systems become increasingly more secure, platforms diversify and marketers are looking to stand out from the crowd.

NCC Group recently received a sample in the post which was based on technology by Visible Computing Ltd and sold as theiKyp webkey ™ . This technology works on Windows, Mac OS X and Android devices where a USB port is available.

The vendor details extensive case studies demonstrating that these devices have increased in prevalence while carrying with them interesting security implications.

Our Threat Brief provides an introduction to the technology, an overview of its use and other well-known examples of open source tools to achieve similar functionality. We also include tips for detecting if such devices that may be sent and then used on your estate previously. We also provide guidance on possible strategies to mitigate their impact should they be sent to your organisation.

We hope you enjoy this inaugural threat brief and welcome any feedback.

Please click here to view the Threat Brief: USB Keyboards by Post

Published date:  11 January 2013

Written by:  Ollie Whitehouse