USBdriveby is basically a USB-powered microcontroller that is worn on a necklace or a chain. The idea behind wearing the microcontroller this way is that one can take advantage of security flaws in a computer’s USB ports. Once inserted into one of the USB ports, it needs just a minute, or rather 60 seconds, to infect and annihilate a personal computer.
How does USBdriveby work?
- Once USBdriveby is inserted into one of the USB ports on a PC, it pretends to be a mouse or a keyboard.
- It automatically sends a number of keystrokes to convince the PC’s network monitor app that everything is OK.
- In the next step, it disables the system’s firewall.
- After disabling the firewall, it alters the DNS settings. Changing the DNS settings provides full control to the hacker.
- Once control is in the hacker’s hands, the hacker can redirect any website the user wishes to visit to a website of the hacker’s choice.
- Using the website of the hacker’s choice, USBdriveby creates an outbound connection by opening up a backdoor port to a remote server, allowing the computer to receive remote commands.
- Once control passes to the remote server, the hacker can exploit the entire PC.
- Finally, any windows and settings screens that were opened are closed, and the footprints are swept up as the hacker leaves the PC.
So, basically, within a minute, an entire PC can be hacked: the device disables a number of security layers and cleans up its own mess as well. It leaves the computer with a permanently open connection for all sorts of remote manipulation, even after USBdriveby has been removed from the USB port.
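A check for two of the changes listed above, the disabled firewall and the altered DNS settings, written as an added example that is not part of the original article or of Kamkar's project. It parses constructed sample output modelled on the macOS commands `networksetup -getdnsservers <service>` and `socketfilterfw --getglobalstate` (the exact output format is an assumption), and the approved resolver list is a hypothetical placeholder.

```python
import ipaddress
import re

# Constructed sample output (format assumed), not captured from a real machine.
SAMPLE_DNS_CLEAN = "There aren't any DNS Servers set on Wi-Fi.\n"
SAMPLE_DNS_TAMPERED = "203.0.113.53\n"
SAMPLE_FW_ON = "Firewall is enabled. (State = 1)\n"
SAMPLE_FW_OFF = "Firewall is disabled. (State = 0)\n"

# Hypothetical allowlist: the resolvers your network is supposed to hand out.
APPROVED_RESOLVERS = {"192.0.2.10", "192.0.2.11"}


def parse_dns_servers(output):
    """Return manually configured resolver IPs; an empty list means none set."""
    servers = []
    for line in output.splitlines():
        try:
            servers.append(str(ipaddress.ip_address(line.strip())))
        except ValueError:
            continue  # informational text, not an address
    return servers


def firewall_enabled(output):
    """Read the 'State = N' field; any value other than 0 counts as enabled."""
    match = re.search(r"State\s*=\s*(\d+)", output)
    if match is None:
        raise ValueError("unrecognised firewall status output")
    return match.group(1) != "0"


def audit(dns_output, fw_output, approved=APPROVED_RESOLVERS):
    """Return findings for the two persistent changes described above."""
    findings = []
    for ip in parse_dns_servers(dns_output):
        if ip not in approved:
            findings.append(f"unapproved DNS resolver configured: {ip}")
    if not firewall_enabled(fw_output):
        findings.append("application firewall is disabled")
    return findings


if __name__ == "__main__":
    for name, dns, fw in [("clean", SAMPLE_DNS_CLEAN, SAMPLE_FW_ON),
                          ("tampered", SAMPLE_DNS_TAMPERED, SAMPLE_FW_OFF)]:
        print(name, audit(dns, fw) or "no findings")
```

Because the changes persist after the device is unplugged, a check like this is only useful when run on a schedule or after a machine has been left unattended.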
Although the video shown below covers only Mac OS X, Kamkar states that the process is quite ‘easily extendable to Windows or Linux’. Once the harm is done, there is not much a user can do to protect himself from such attacks except guard his USB ports.
You can find more information about USBdriveby on Samy Kamkar’s website.