New USB security tool, BeamGun..

USB SecurityBeamGun – So what is it all about, and do I need it?

Well, to answer the latter first – “maybe”,  if you could ever see yourself inserting a USB key you found somewhere, or if other people have access to your computer….

Background;

All modern computers have USB ports, you can attach all sorts of wonderful devices to USB ports – like mouse and keyboards, well imagine if someone made a device that looked like a USB key, however it actually emulated a keyboard – when you would plug this into your USB port it would tell your computer “Hey, I am totally a USB keyboard, honestly..”, and your computer would say “Hey that is cool, go ahead and be my second keyboard…”. So far so good, however, now this totally honest “keyboard” would start typing commands and your computer not knowing any better would think that it was you typing. So, long story short – any device looking like a USB key that is inserted into your computer has a chance to be an evil “Rubber Ducky USB” (that is the name under which many of these are actually sold), so someone either hands you a USB device and convince you to insert it (hey can you look at the report I just made) – or distracts you for a second and insert the USB device to your computer – BOOM and you are owned – in benign cases it just adds some practical joke (like switch your desktop background etc), but if evil it steals passwords etc. and it is very likely your Antivirus will not pick it up as it will look like commands issued from the local keyboard.

Sadly “no”, this is not Sci-Fi nor expensive, the script kiddie version of USB keys like this cost around 50$ but if you have real coding skills you can do it for 1-3$ 🙁

Ok, so anyone inserting a foreign USB device to your machine could be “hacking you”, or if you find an abandoned/lost USB key and insert it you may cause yourself to be hacked/compromised.

The tool;

https://github.com/JLospinoso/beamgun

2017-01-25 22_49_04-Greenshot

BeamGun to the rescue – BeamGun is actually rather nifty, it will monitor your computer – and the moment a new “keyboard” (or something emulating a keyboard) is inserted, it will lock your computer and block the device, it will also show anything this device was trying to do in a popup window.

Mind you, it is an early version and seem a bit rough around the edges, but if you are in the “risk” group this may be a tool you would want to install.  But it works (yes I tested it, however it is difficult to show screenshots as the software does a great job of protecting your computer while it display its warning).

Want to see more about these “Rubber Ducky USB” devices, take a look at this video;
https://youtu.be/4kX90HzA0FM
Something similar is also shown in the popular tv-show “Mr Robot”

Want to aspire as an evil hacker (or totally own your friends), buy your own “USB Rubber Ducky” here (yes its actually that simple);
https://hakshop.com/products/usb-rubber-ducky-deluxe

 

Links;

https://youtu.be/4kX90HzA0FM

https://github.com/JLospinoso/beamgun

https://hakshop.com/products/usb-rubber-ducky-deluxe