We have decided to bring some endpoint security exploit tools into our lab for testing, just to see how they work and how they can be used in actual malicious attacks. Here is a short video demo of the USBDumper application mentioned a few posts back; it helps to illustrate just how real some of these new endpoint security threats are.
The simplicity of this application is what makes it so dangerous: all it requires a user to do is double-click the executable. Once that is done, the application runs in the background, and the contents of any USB drive that is connected are automatically copied to the system.
We were also able to connect an iPod to a lab system and have the code automatically download all contacts and calendar information. As the source code for this tool is distributed with the download itself, it can be modified to connect to other devices and possibly be extended. This may already have happened: a version has appeared which not only copies files but also makes an image of the drive, which would allow someone to run additional tools to retrieve data that may have been deleted.
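One way a defender might flag this behaviour in endpoint telemetry, as an added example that is not part of the original post: it looks for a process that reads many distinct files from a removable volume within seconds of that volume being attached. The event tuple format, the process names and the file paths are constructed for the example; mapping real sensor output onto it is left to the reader.

```python
"""Heuristic detector for USBDumper-style behaviour: a process that sweeps
the contents of a removable volume right after the volume is attached.
Added example (not from the original post); the event format is constructed."""
from collections import defaultdict

# Constructed event stream. Tuples are (timestamp_s, kind, ...):
#   ("volume_arrival", drive)           a removable volume was mounted
#   ("file_read", process, path)        a process opened a file for reading
SAMPLE_EVENTS = [
    (100.0, "volume_arrival", "E:"),
    (100.4, "file_read", "explorer.exe", "E:\\autorun.inf"),
    (100.9, "file_read", "dumper.exe", "E:\\docs\\plan.docx"),   # hypothetical name
    (101.0, "file_read", "dumper.exe", "E:\\docs\\budget.xlsx"),
    (101.1, "file_read", "dumper.exe", "E:\\photos\\img1.jpg"),
    (101.2, "file_read", "dumper.exe", "E:\\photos\\img2.jpg"),
    (101.3, "file_read", "dumper.exe", "E:\\keys\\id_rsa"),
    (101.4, "file_read", "dumper.exe", "E:\\notes.txt"),
    # A scheduled backup an hour later reads many files but is outside the window.
    (3700.0, "file_read", "backup.exe", "E:\\docs\\plan.docx"),
    (3700.1, "file_read", "backup.exe", "E:\\docs\\budget.xlsx"),
    (3700.2, "file_read", "backup.exe", "E:\\photos\\img1.jpg"),
    (3700.3, "file_read", "backup.exe", "E:\\photos\\img2.jpg"),
    (3700.4, "file_read", "backup.exe", "E:\\keys\\id_rsa"),
]


def detect_bulk_copy(events, window=30.0, min_files=5):
    """Return [(process, drive, n_files)] for every process that read at least
    `min_files` distinct files from a drive within `window` seconds of that
    drive's most recent arrival. Events may be out of order; they are sorted."""
    arrivals = {}                 # drive letter -> latest arrival timestamp
    reads = defaultdict(set)      # (process, drive, arrival) -> distinct paths
    for ev in sorted(events, key=lambda e: e[0]):
        ts, kind = ev[0], ev[1]
        if kind == "volume_arrival":
            arrivals[ev[2].upper()] = ts   # re-insertion starts a new window
        elif kind == "file_read":
            proc, path = ev[2], ev[3]
            drive = path[:2].upper()       # "E:\\docs\\x" -> "E:"
            arrived = arrivals.get(drive)
            if arrived is None or ts - arrived > window:
                continue                   # drive never seen arriving, or too late
            reads[(proc, drive, arrived)].add(path)
    return [(p, d, len(paths)) for (p, d, _), paths in reads.items()
            if len(paths) >= min_files]


if __name__ == "__main__":
    for proc, drive, n in detect_bulk_copy(SAMPLE_EVENTS):
        print(f"ALERT: {proc} read {n} files from {drive} right after it was attached")
```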
Resources
USBDumper (Binary and Source)
Original Source (in French)
DeviceWall 4.5
Podslurping
USB Hacking
Security Applications on USB
