<div dir="ltr">I think you misunderstood the point of the post. The Arduino is not running Linux, but it can act as a USB device that can emulate a keyboard. Plug that into a computer and it can inject text into any system - Windows, Linux, Mac, etc - but it must be at a location where it can accept text. It can't force the system to be at a command prompt.<br><br>However, there are easier hacks than using an Arduino and hope that the system gets rebooted, and hope that you can get into bios or command line, etc, so this is more of an academic issue than a real issue.<br><br>At a previous job I worked on a USB hack device that took advantage of the way encrypted/compressed USB keys work. They have two partitions in them - the data one and then one that contains a device driver that is loaded into the system that controls the encryption/compression of the data partition.<br><br>It is possible to use this to hijack a system - write your own device driver that loads into the kernel that can then do things such as key logging, monitoring network traffic, reading/writing to disks, etc. It can even spawn it's own user processes, and then hide the device driver and the user process from normal view (so not seen on a device/process list). It can also send all this data back 'home' to a waiting server, even hiding that traffic from normal view.<br><br>Now just take that USB key, drop it off near the front of the building you want to hijack, or better yet, drop a couple nearby in the parking lot, in restaurants frequented by the employees of the company, etc and wait for an employee to stick it into their system - curious what is there. Now hide a few innocuous files - pictures of kittens - and while they are looking at that, their entire system got compromised, and from that, their network.<br><br>Unfortunately, that is not science fiction, or movie drama - is very real and much easier than using an Arduino.<br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 4, 2015 at 6:19 PM, Scott Hall via TriEmbed <span dir="ltr"><<a href="mailto:triembed@triembed.org" target="_blank">triembed@triembed.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">The Arduino is a 8-bit mpu not capable of booting and running Linux.<br></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Thu, Jun 4, 2015 at 2:51 PM, John Vaughters via TriEmbed <span dir="ltr"><<a href="mailto:triembed@triembed.org" target="_blank">triembed@triembed.org</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:12px"><div><br></div><div>With a continued escalation on security, I decided to check out the most recent Kali Linux (Security Distribution). While scanning around the menus, I noticed that Arduino IDE was loaded. How curious was that? Further digging took me to a concept that I found intriguing enough to write this email. While this little Open Source Hardware project has been capturing our minds, it apparently has been noticed by the security industry as well. </div><div><br></div><div>I have not looked into all the possibilities of Arduino use, but the one that I noticed right away is affected by the Physical Security aspect. As you may or may not know, newer Arduino's and the Teensy as well as other devices can be configured to be recognized as a keyboard by a computer. Well, this is quite powerful if you can basically place a keyboard device in a computer and let it hack away. Now add an sd card and you have some serious scripting capability. </div><div><br></div><div>So the attack works like this. A person walks into your building (Think cleaning crew), and finds a computer that seems to be not used much or worse a server. The person plugs in an arduino configured as a keyboard and walks away. You now have a robotic keyboard filled with scripts to attempt mal intents. One thing that came to my mind was to include a USB stick as well with a bootable distribution of a linux OS that could basically grant a person access to an outside computer that would allow entry into your network. The Arduino keyboard could reboot a computer and attempt to boot the USB stick. Arduino keboard could even log into bios. Actually the possibilities seem almost endless to me, but the work to create the scripts would not exactly be easy. Would require quite a bit of testing I would imagine. </div><div><br></div><div>Anyhow, don't underestimate the power of physical access to your computers. Many people are turning off their USB ports for file capabilties, but I have not looked into this stopping a keyboard from getting access to bios. </div><div><br></div><div>I just thought that some of you might be interested in the double edged Yin/Yang technology that we have become so enamored with in the past 5 or so years.</div><span><font color="#888888"><div><br></div><div dir="ltr">John Vaughters</div><div><br></div></font></span></div></div><br></div></div>_______________________________________________<br>
Triangle, NC Embedded Computing mailing list<br>
<a href="mailto:TriEmbed@triembed.org" target="_blank">TriEmbed@triembed.org</a><br>
<a href="http://mail.triembed.org/mailman/listinfo/triembed_triembed.org" target="_blank">http://mail.triembed.org/mailman/listinfo/triembed_triembed.org</a><br>
TriEmbed web site: <a href="http://TriEmbed.org" target="_blank">http://TriEmbed.org</a><br>
<br></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br><div>Scott G. Hall<br>Raleigh, NC, USA<br><a href="mailto:scottghall1@gmail.com" target="_blank">scottghall1@gmail.com</a></div>
</font></span></div>
<br>_______________________________________________<br>
Triangle, NC Embedded Computing mailing list<br>
<a href="mailto:TriEmbed@triembed.org">TriEmbed@triembed.org</a><br>
<a href="http://mail.triembed.org/mailman/listinfo/triembed_triembed.org" target="_blank">http://mail.triembed.org/mailman/listinfo/triembed_triembed.org</a><br>
TriEmbed web site: <a href="http://TriEmbed.org" target="_blank">http://TriEmbed.org</a><br>
<br></blockquote></div><br></div>