Posts with «human interface device» label

Using HID Tricks to Drop Malicious Files

[Nikhil] has been experimenting with human interface devices (HID) in relation to security. We’ve seen in the past how HID can be exploited using inexpensive equipment. [Nikhil] has built his own simple device to drop malicious files onto target computers using HID technology.

The system runs on a Teensy 3.0. The Teensy is like a very small version of Arduino that has built-in functionality for emulating human interface devices, such as keyboards. This means that you can trick a computer into believing the Teensy is a keyboard. The computer will treat it as such, and the Teensy can enter keystrokes into the computer as though it were a human typing them. You can see how this might be a security problem.

[Nikhil’s] device uses a very simple trick to install files on a target machine. It simply opens up Powershell and runs a one-liner command. Generally, this commend will create a file based on input received from a web site controlled by the attacker. The script might download a trojan virus, or it might create a shortcut on the user’s desktop which will run a malicious script. The device can also create hot keys that will run a specific script every time the user presses that key.

Protecting from this type off attack can be difficult. Your primary option would be to strictly control USB devices, but this can be difficult to manage, especially in large organizations. Web filtering would also help in this specific case, since the attack relies on downloading files from the web. Your best bet might be to train users to not plug in any old USB device they find lying around. Regardless of the methodology, it’s important to know that this stuff is out there in the wild.


Filed under: Arduino Hacks, security hacks

Walkman-esque Human Interface Device

Cheap keyboards never come with extra buttons, and for [Pengu MC] this was simply unacceptable. Rather than go out and buy a nice keyboard, a microcontroller was found in the parts drawer and put to work building this USB multimedia button human interface device that has the added bonus of looking like an old-school Walkman.

The functions that [Pengu MC] wants don’t require their own drivers. All of the buttons on this device are part of the USB standard for keyboards: reverse, forward, play/pause, and volume. This simplifies the software side quite a bit, but [Pengu MC] still wrote his own HID descriptors, tied all of the buttons to the microcontroller, and put it in a custom-printed enclosure.

If you’re looking to build your own similar device, the Arduino Leonardo, Micro, or Due have this functionality built in, since the USB controller is integrated on the chip with everything else. Some of the older Arduinos can be programmed to do the same thing as well! And, with any of these projects, you can emulate any keypress that is available, not just the multimedia buttons.


Filed under: Arduino Hacks