Learn how the HID poses a security risk to all operating systems.
Episode #12-02 released on September 2, 2021
Windows, like all other operating systems, has a very important and dangerous security issue related to human interface devices (HIDs). Anything plugged into a USB port has the potential to be detected as a HID, which is problematic because Windows trusts all HIDs. This gives anyone with local access to a computer the ability to gain access to it and to escalate privileges.
Starting from the beginning, how does a connected device get recognized by Windows as a human interface device?
A USB drive can never be mistaken for a keyboard, but a cleverly built USB device can be detected as a keyboard if the controller is set up to convince the computer it is a keyboard. The controller gets instructions stored on any kind of storage medium, such as a micro-SD card.
The controller types a lot faster than most humans, allowing it to execute commands faster than any person can perceive. Unless the user is aware of the device, by the time anyone sees the USB device, it is too late to do anything, and any code it was seeking to execute has already been executed.
The issue with these devices is not new, but there is at least one glimmer of hope: the attack has to be local, and the target device has to be unlocked. The majority of computers that would be targeted would be business computers, not home computers.
To carry out the attack, the person would also have to either have access to the device or have a user intentionally or unintentionally use it. One common way to get a user to compromise a computer is to leave the USB device on the floor outside and rely on someone's curiosity to compromise their computer and possibly the network, too.
Are there any safeguards possible against the use of compromised USB devices?
In the business setting, short of disabling all non-essential USB ports, training will have a much better result than just locking out a user. Having an open IT department willing to help users with their curiosity about found drives also helps. If IT has an air-gapped computer that they can test things on, the other users are less likely to compromise their own workstation.
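As an added example (not part of the episode), here is a check IT could run against a found device on a test machine. A device tells the host it is a keyboard through the interface class codes in its USB configuration descriptor, and the code below flags any HID interface on a device that was expected to be storage only. The descriptor bytes are constructed samples, and the function names are illustrative.

```python
HID_CLASS, MASS_STORAGE_CLASS = 0x03, 0x08    # USB-IF bInterfaceClass codes
INTERFACE_DESCRIPTOR = 0x04                   # bDescriptorType of an interface
BOOT_PROTOCOLS = {1: "keyboard", 2: "mouse"}  # bInterfaceProtocol, boot subclass

def interfaces(config: bytes):
    """Yield (number, class, subclass, protocol) for each interface descriptor."""
    pos = 0
    while pos < len(config):
        # Every descriptor starts with bLength and bDescriptorType.
        if len(config) - pos < 2 or config[pos] < 2 or pos + config[pos] > len(config):
            raise ValueError(f"malformed descriptor at offset {pos}")
        length, dtype = config[pos], config[pos + 1]
        if dtype == INTERFACE_DESCRIPTOR:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {pos}")
            yield config[pos + 2], config[pos + 5], config[pos + 6], config[pos + 7]
        pos += length

def audit(config: bytes, allowed_classes: set) -> list:
    """Return one finding per interface whose class is not in allowed_classes."""
    findings = []
    for number, cls, subclass, protocol in interfaces(config):
        if cls in allowed_classes:
            continue
        if cls == HID_CLASS:
            kind = BOOT_PROTOCOLS.get(protocol, "device") if subclass == 1 else "device"
            findings.append(f"interface {number}: unexpected HID {kind}")
        else:
            findings.append(f"interface {number}: unexpected class 0x{cls:02x}")
    return findings

# Constructed sample: an ordinary flash drive (one mass-storage interface).
FLASH_DRIVE = bytes.fromhex(
    "09 02 20 00 01 01 00 80 32"   # configuration, wTotalLength = 32
    "09 04 00 00 02 08 06 50 00"   # interface 0: mass storage
    "07 05 81 02 00 02 00" "07 05 02 02 00 02 00")  # two bulk endpoints

# Constructed sample: looks like a drive but also declares a boot keyboard.
COMPOSITE = bytes.fromhex(
    "09 02 39 00 02 01 00 80 32"   # configuration, wTotalLength = 57
    "09 04 00 00 02 08 06 50 00"   # interface 0: mass storage
    "07 05 81 02 00 02 00" "07 05 02 02 00 02 00"
    "09 04 01 00 01 03 01 01 00"   # interface 1: HID, boot subclass, keyboard
    "09 21 11 01 00 01 22 3f 00"   # HID class descriptor
    "07 05 83 03 08 00 0a")        # interrupt IN endpoint

if __name__ == "__main__":
    for name, blob in (("flash drive", FLASH_DRIVE), ("composite", COMPOSITE)):
        print(name, audit(blob, {MASS_STORAGE_CLASS}) or "ok")
```
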
Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net