Over the summer Rob, one of the guys I work with, introduced me to Gonzore's Switchblade, a program used to turn your U3 flash drive into an awesome hack tool. Gonzore uses the U3 Universal Customizer to replace the U3 ISO with an ISO that autoloads a bunch of customized hack tools. Windows will not autorun from a USB drive, but U3 drives have a special controller board that allows them to also mount a CD-ROM drive, and Windows will autorun from a CD-ROM drive. Since you can customize the ISO on the U3 drive, a U3 drive can run any program that you want without ever prompting the user. (There is one extra step needed to make it silently install.) That is pretty ugly: the next time your friend plugs his U3 into your machine he could be silently installing a keylogger, trojan, or almost anything. So watch out.
Attack Mitigation:
It is possible to disable autorun on a Windows machine in the following ways:
Start > Run > gpedit.msc > Local Computer > Administrative Templates > System > Turn off Autoplay
Start > Run > regedit > HKEY_LOCAL_MACHINE > SYSTEM > Services > Cdrom > AutoRun = 0
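To confirm that the two settings above actually took effect, the following read-only PowerShell check can be run on the machine. It is an added example, not part of the original post, and it assumes the usual registry locations: the "Turn off Autoplay" policy stored as `NoDriveTypeAutoRun` under the machine-wide Explorer policies key, and the Cdrom service key at its full path under `CurrentControlSet`. The helper function names are made up for this example.

```powershell
# Added example: audit the two autorun settings named above. Read-only; changes nothing.
$DRIVE_REMOVABLE = 0x04   # NoDriveTypeAutoRun bit for removable drives
$DRIVE_CDROM     = 0x20   # NoDriveTypeAutoRun bit for CD-ROM drives (how the U3 launcher partition appears)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-AutorunBlocked {
    param($Mask, [int]$DriveBit)
    # A set bit in NoDriveTypeAutoRun disables autorun for that drive type.
    if ($null -eq $Mask) { return $false }
    return (([int]$Mask -band $DriveBit) -ne 0)
}

# Assumed locations (machine-wide only; a per-user policy under HKCU is not checked here).
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$cdromKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom'

$mask    = Get-RegValue -Path $policyKey -Name 'NoDriveTypeAutoRun'
$autoRun = Get-RegValue -Path $cdromKey  -Name 'AutoRun'

$report = [pscustomobject]@{
    PolicyMask               = if ($null -ne $mask) { '0x{0:X2}' -f [int]$mask } else { 'not set' }
    CdromBlockedByPolicy     = Test-AutorunBlocked $mask $DRIVE_CDROM
    RemovableBlockedByPolicy = Test-AutorunBlocked $mask $DRIVE_REMOVABLE
    CdromServiceAutoRun      = if ($null -ne $autoRun) { $autoRun } else { 'not set' }
}
$report | Format-List

# Neither mitigation is in place: the policy bit is clear and the Cdrom AutoRun value is not 0.
if (-not $report.CdromBlockedByPolicy -and $autoRun -ne 0) {
    Write-Warning 'CD-ROM autorun is still enabled: a U3 virtual CD would launch on insert.'
}
```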
Tuesday, September 16, 2008