Cyber Security

Bow to the USBsamurai: Malicious USB cable leaves air-gapped networks open to attack

Published

on

Penetration testers tasked with auditing industrial environments for susceptibility to USB implants have been offered a new utility for their hacking toolbox.

USBsamurai – showcased by security researcher Luca Bongiorni during a Black Hat Arsenal presentation on Thursday (August 5) – is a USB HID [Human Interface Device] injecting cable that costs less than $15 to produce and can be made from off-the-shelf components.

Made up of a cable, unifying dongle, and a USB radio transceiver, USBsamurai can be remotely controlled and therefore able to attack even air-gapped networks.

“Being open source and low-cost makes it accessible to anyone who wants to try it out,” Bongiorni told The Daily Swig ahead of his presentation.

“Not only red-teamers and pen testers, but also classic IT personnel that wanna check in first-person how that works or to create internal awareness training demonstrations.”

“USBsamurai is not only a cable… it can be easily used as [an] internal hardware implant to weaponize other USB devices, [such as] a mouse,” the researcher added.

Blink and U(SB) might miss it

Harnessing USBsamurai allows a threat actor to quickly inject keystrokes within a target machine through a wireless covert channel.

“USBsamurai uses a proprietary wireless protocol that is not detected by any WiFi Intrusion detection system,” according to Bongiorni, who added that this aspect of the utility marks part of its advance from comparable hacking tools such as the popular OMG Cable keylogger.

“I don’t see USBsamurai as a competitor of OMG cable in any way,” Bongiorni, head of offensive security at Italian security outfit CyberAntani, explained.

“[The developer] spent a lot of time in R&D creating such a great multi-purpose hacking cable! I rather see USBsamurai as a cheaper and open source version of the same family of HID injecting implants for anyone that wants to play with this group of IoOT (Internet of Offensive Things) devices.”

Affordable kit

The four key features of USBsamurai are its affordability, open source design, the ability to offer “undetectable” wireless communications and the facility to establish a covert air gap bypass channel.

Bongiorni has put together a set of tutorials offering advice to others on how to build their own USBsamurai.

As well as demonstrating the utility, Bongiorni’s talk offered actionable countermeasures to prevent and detect attacks, including an overview of how forensics analysis can be used to detect the presence of USB implants.

Hardware implants have become a popular attack vector in air-gapped environments such as industrial networks, as infamously evidenced by the 2010 Stuxnet attack on Iranian Uranium enrichment facilities, and the recent ransomware attack that has led to a shutdown in a US natural gas facility.

In recognition of this, red-teamers have included hardware implants in their threat modelling when testing the security of industrial facilities.

Source: https://portswigger.net/daily-swig/bow-to-the-usbsamurai-malicious-usb-cable-leaves-air-gapped-networks-open-to-attack

Click to comment
Exit mobile version