BadUSB devices and keyloggers are popular worldwide, and almost no one ignores their nature.
In this talk we have decided to go beyond the classic concept of a malicious USB stick or an odd-looking malicious adapter that begs not to be detected while copying keystrokes attached to the keyboard.
We part from a normal keyboard from a well-known brand available worldwide, which we disassemble to add our own hardware modification (our "hack").
This modification, which consists of cheap parts that can be acquired worldwide, makes this keyboard an interesting attack vector: a device that looks and functions as a keyboard, but is capable exfiltrate information online, connecting to a malicious server and sending keystrokes without being noticed.
This hack was assembled in many models, from normal office keyboards to gaming equipment, getting smaller... and cheaper!
Now then, what would happen if someone sent this keyboard in its original box, along with a t-shirt of the very same brand, and some stickers to an office?
What would happen if that office were part of a prestigious school?
What would happen if someone connected this innocent device to their work terminal while enjoying its stickers and (hopefully) wearing its new t-shirt?
Well, we told you. You shouldn't have trusted that keyboard.
| # | Date | Conference | Link to Video | Link to Slides |
|---|---|---|---|---|
| 1 | AUG-2020 | DEF CON 28 Red Team Village | https://youtu.be/Tc8gWwf3KAc | https://docs.google.com/presentation/d/1b8hNTUlTqgMa4lMLslGPOkgWij-A08Jr7AulLt9-zsw/edit?usp=sharing |
Evil Genius is our very first talk @dc5411. It was authored by Luis Ángel Ramírez Mendoza, Farith Pérez Sáez and Mauro Eldritch.