Android smartphone turned into a fake USB keyboard

    At a Black Hat DC hacker conference, security experts from George Mason University of America showed a relatively new way of hacking a PC in which a reprogrammed Android smartphone, when connected via USB, pretends to be another USB HID device, for example, a keyboard. In this case, various commands can be launched from the smartphone, including installing malware. In a similar way, via USB, you can attack one smartphone from another, through a specially modified USB cable.

    Hacking affects Windows and Macintosh systems (which automatically activate any device connected via USB with a minimum indication), as well as Linux (where no new device is reported at all). In the case of a Mac, an attacker can quickly remove a pop-up message from the screen using a freshly connected device, and under Windows a pop-up message disappears after 1-2 seconds.

    The practical method of this method of attack, however, is minimal, because physical access to the victim’s computer is required, and if there is such access, then a similar effect can usually be achieved simply by typing on a regular keyboard.

    On the other hand, you can write a virus that will spread via USB to each new smartphone and PC.

    It is very difficult for antiviruses to deal with this type of attack, because it is impossible to filter USB traffic and distinguish a real keyboard from a “fake” one or to understand what behavior of the “keyboard” is malicious.

    Such hacking methods have been used before. For example, in April 2010, specialists from the Royal Military College of Canada demonstrated a modified USB keyboard with a built-in microchip that serves as a trojan.

    Also popular now: