Don't Trust That USB

Don't connect that USB stick you found! Hostile USB can take over your computer, install malware and keyloggers.

My students are developing USB attacks and defences. They have built a cheap and customizable hostile USB device on DigiSpark development board.

Read on to see how to build a hostile USB device similar to "Rubber Ducky" or "BadUSB". And how to defend against this attack.

This project emulates adversarial tactics and techniques to create better protections and improve security. There are many legal, practical and ethical limitations for using penentration testing ("ethical hacking") techniques. Check you local laws.

DigiNut project

DigiNut is a project by Arttu Nurmela, Janne Mustonen, Marko Nurmola and Samu Lindroos. It's part of my "Monialaprojekti infra" course, co-taught with Harto.

DigiNut has developed multiple tools

  • A USB stick that's actually an automatic keyboard, connecting runs PowerShell on Windows
  • A working USB keyboard that runs PowerShell code when attached to a computer

Source code, build instructions, usage videos: https://teamsharap.wordpress.com/ (In Finnish)

When hostile USB device is connected, the USB pretends to be an USB keyboard and installs PowerShell malware on Windows.

Lyhyesti suomeksi - briefly in Finnish

Älä kytke sitä USB-tikkua! Vihamielinen USB-tikku (tai hiiri, tai näppäimistö...) voi asentaa haittaohjelmia, vaikkapa näppäimistön vakoiluun tai mikrofonin salakuunteluun. Opiskelijani Arttu, Janne, Marko ja Samu rakentavat hyökkäyksiä ja puolustusta vihamielisille USB-laitteille.

DigiNut-projektissa on rakennettu vihamielinen USB-laite DigiSpark-kehityslaudalla ja Arduinolla. Projekti esittelee myös puolustuskeinoja. Tärkein: älä kytke USB-laitteita, joihin et luota.

This article has been updated after publishing.

Images from DigiNut project are copyright 2021 Mustonen, Nurmela, Nurmola and Lindroos.