Weaponized USB devices as an attack vector by Alex Perekalin.
USB devices are the main source of malware for industrial control systems, said Luca Bongiorni of Bentley Systems during his talk at #TheSAS2019. Most people who are in any way involved with security have heard classic tales about flash drives “accidentally” dropped in parking lots — it’s a common security story that is just too illustrative not to be retold again and again.
Perekalin takes us beyond flash drives with a reminder that any USB device can be an attack vector.
An incomplete list of USB devices includes:
- Speaker
- Microphone
- Sound card
- MIDI
- Modem
- Ethernet adapter
- Wi-Fi adapter
- RS-232 serial adapter
- Keyboard
- Mouse
- Joystick
- Webcam
- Scanner
- Laser printer
- Inject printer
- USB flash drive
- Memory card reader
- Digital audio player
- Digital camera
Just to name some of the more common ones.
So it’s a little more expensive to do: “Congratulations! You were selected at random for a free digital camera!” (make sure it is a nice one) If it gets you inside the ******* agency, it’s worth every penny. Weaponized USB devices should be standard part of your kit.