U3 is a really powerful tool for carrying your stuff around on a USB stick. Yes, in your face again: it doesn't work with Mac or Linux. That is beside the point. U3 boosts security by not leaving cache, passwords and so on behind on the host system; that I do not debate. However, this sword cuts both ways: U3 is also capable of reaping information off the host system. Surprised? Check out U3 Switchblade.
U3 Switchblade:
http://wiki.hak5.org/wiki/USB_Switchblade
This is not even news, as it has been around for a long time. Basically, when you insert a U3 stick you have to allow it to execute (at admin privilege) in order for it to start the Launchpad or mount the protected partition. However, if you think the U3 Launchpad and base image are protected, you are wrong: they are basically part of the firmware and can be rewritten. What can you change? Hmm, how about a quick capture of password hashes to use with Ophcrack, or a dump of all the serial numbers of your Microsoft products (heck, it doesn't take long to dump the whole Software branch of the registry anyway). Of course, it is up to you to imagine. Just edit the image, inject your payload and flash it back onto your U3. Yes, you probably want to run the original U3 Launchpad at the end too...
Then insert it into the victim's computer and, if you did it well, there is no prompt, nothing: it just runs silently and grabs everything that needs to be placed onto the USB stick. Well, it is not foolproof of course. Certain antivirus software is capable of catching this: OneCare, Kaspersky and other products with behaviour-based detection engines will alert if the payload tries to touch certain registry keys or scan the network, for example.
Well, this article is not telling you not to use U3. But be aware when someone else hands you a U3 stick and asks you to mount it in the future. You do not even need to run the U3 Launchpad if the U3 stick is not protected by a password. Just ignore all autoruns and you are much safer.
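"Ignore all autoruns" can be enforced rather than left to habit. The script below is an added example (not from the original post) that audits the NoDriveTypeAutoRun policy value on the local Windows machine, reports which drive types still have AutoRun enabled, and with -Harden sets the mask to 0xFF so nothing autoruns. The drive-type bit values are the documented ones; the CD-ROM bit is the one that matters for a U3 stick, because the Launchpad lives on an emulated CD-ROM partition.

```powershell
# Added example: audit / disable AutoRun via the NoDriveTypeAutoRun policy value.
# Run as Administrator if you want -Harden to write the HKLM key.
param([switch]$Harden)

$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Bit meanings of NoDriveTypeAutoRun: a SET bit disables AutoRun for that drive type.
# A U3 stick shows up partly as a CD-ROM, so the 0x20 bit is the one to watch.
$DriveBits = [ordered]@{
    Unknown = 0x01; NoRootDir = 0x02; Removable = 0x04; Fixed    = 0x08
    Remote  = 0x10; CDROM     = 0x20; RamDisk   = 0x40; Reserved = 0x80
}

function Get-AutoRunMask {
    param([string]$Path)
    $item = Get-ItemProperty -Path $Path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # value absent: the OS default applies
    return [int]$item.NoDriveTypeAutoRun
}

foreach ($path in $PolicyPaths) {
    $mask = Get-AutoRunMask -Path $path
    if ($null -eq $mask) {
        Write-Output "$path : NoDriveTypeAutoRun not set (OS default applies)"
    } else {
        # Every drive type whose bit is clear still has AutoRun enabled
        $enabled = $DriveBits.GetEnumerator() |
            Where-Object { -not ($mask -band $_.Value) } |
            ForEach-Object { $_.Key }
        if (-not $enabled) { $enabled = @('none') }
        Write-Output ("{0} : 0x{1:X2} - AutoRun still enabled for: {2}" -f $path, $mask, ($enabled -join ', '))
        if (-not ($mask -band 0x20)) {
            Write-Warning "$path : CD-ROM AutoRun is enabled, so a U3 Launchpad would be offered on insert"
        }
    }
    if ($Harden) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
        Write-Output "$path : NoDriveTypeAutoRun set to 0xFF (AutoRun disabled for all drive types)"
    }
}
```

Run it once without -Harden to see the current state, then with -Harden from an elevated prompt; a Group Policy "Turn off Autoplay" setting writes the same value and will override a manual edit.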