[TriEmbed] Kali Yin/Yang with Arduino

John Vaughters jvaughters04 at yahoo.com
Thu Jun 4 13:51:47 CDT 2015 

With a continued escalation on security, I decided to check out the most recent Kali Linux (Security Distribution). While scanning around the menus, I noticed that Arduino IDE was loaded. How curious was that? Further digging took me to a concept that I found intriguing enough to write this email. While this little Open Source Hardware project has been capturing our minds, it apparently has been noticed by the security industry as well. 
I have not looked into all the possibilities of Arduino use, but the one that I noticed right away is affected by the Physical Security aspect. As you may or may not know, newer Arduino's and the Teensy as well as other devices can be configured to be recognized as a keyboard by a computer. Well, this is quite powerful if you can basically place a keyboard device in a computer and let it hack away. Now add an sd card and you have some serious scripting capability. 
So the attack works like this. A person walks into your building (Think cleaning crew), and finds a computer that seems to be not used much or worse a server. The person plugs in an arduino configured as a keyboard and walks away. You now have a robotic keyboard filled with scripts to attempt mal intents. One thing that came to my mind was to include a USB stick as well with a bootable distribution of a linux OS that could basically grant a person access to an outside computer that would allow entry into your network. The Arduino keyboard could reboot a computer and attempt to boot the USB stick. Arduino keboard could even log into bios. Actually the possibilities seem almost endless to me, but the work to create the scripts would not exactly be easy. Would require quite a bit of testing I would imagine. 
Anyhow, don't underestimate the power of physical access to your computers. Many people are turning off their USB ports for file capabilties, but I have not looked into this stopping a keyboard from getting access to bios. 
I just thought that some of you might be interested in the double edged Yin/Yang technology that we have become so enamored with in the past 5 or so years.
John Vaughters
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.triembed.org/pipermail/triembed_triembed.org/attachments/20150604/3ae91d4d/attachment.htm>

More information about the TriEmbed mailing list