Physical Attacks – SY0-601 CompTIA Security+ : 1.2

Attackers often use physical devices to assist with their attack. In this video, you’ll learn about the use of malicious USB cables, malicious flash drives, skimming, and card cloning.

<< Previous Video: Password Attacks Next: Adversarial Artificial Intelligence >>

Attacks aren’t always done across the network. There are many attacks that are physical attacks. One type of physical attack might be with a malicious USB cable. This looks like a perfectly normal USB cable. We would use it to plug into our computer and charge our systems, except it has some additional electronics inside. It could, in fact, tell your operating system that it is a HID, or a human interface device. This is the categorization for keyboards and a mouse, so when you plug in this malicious USB cable, it’s able to start typing anything that it would like into your system. So you might plug in the cable, it would start up a command prompt, it would type in some commands to download some malware from a third party site, and now your system is infected. This is why you shouldn’t simply plug-in any USB cable that you happen to find. You need to have some trusted knowledge of where this cable came from, and trust that it came from a reliable source.

Similar to the malicious USB cable is the malicious flash drive. This may be a perfectly normal working flash drive, but it may have some additional electronics inside that could cause problems on your system. You might be walking through the parking lot, there’s a flash drive on the ground. Most people would want to know what’s on this flash drive, and could they use this flash drive themselves, but plugging in this device is probably going to be a bad idea. In older operating systems, we automated the processes that occurred when you plugged in a flash drive, and would have programs run automatically from that particular storage device. Obviously, this is a significant security concern, and in most modern operating systems, this automated functionality has been removed. But just as with our USB cable, we could still run things from a USB flash drive by adding additional electronics inside that have this device recognized as a HID, or human interface device. So it appears to be a keyboard or mouse, and when you plug in the flash drive, you’ll notice the command prompt will open, a lot of things start typing in, and suddenly your system is now infected with malware.

Even without that human interface device functionality, there are ways for attackers to simply put files on the flash drive that might infect your system. For example, you can put malicious software inside of PDF files, or have malicious macros run inside of spreadsheets. If your USB interface is configured with a boot device, you might forget that you have this USB drive installed, and when you restart the system, the USB drive infects your system during the boot process. Add some additional electronics, and this flash drive can turn into a wireless interface that can then act as a host for other devices to connect into your system, and you now become a jumping off point for an attacker who may want to gain access to your internal network. These are just some of the reasons why you want to be very careful about what USB devices you connect to your computer.

Stealing credit card information has become a big business, and there’s so many different ways that the bad guys are trying to gain access to our credit card numbers. One way they’re able to do this is with skimming. This is stealing our credit card information as we use the card for some other purpose. It’s copying information, either from the magnetic stripe that’s on that credit card, or it may be gathering information from the computer system that you’re plugging it into. This would have your credit card number, expiration dates, the cardholder’s name, and anything else that’s on that magnetic stripe. The attackers are usually adding additional hardware to the card reader on the device that you’re using, and if you’re at an ATM, they may also have a camera that’s monitoring what buttons you press when you put your PIN into the system. The attackers will, obviously, skim your credit card numbers, and then use that information to perform other financial transactions. This is why you should always check very carefully when using a card reader– maybe pull on the card reader itself and make sure it doesn’t pop out of the system, and make sure that everything associated with the card reader looks like it is built into the original unit.

Here’s an example of a card reader where the attacker had to create a little bit of a wider connection to be able to fit their card reader in, and this piece of plastic on the inside is the one put there by the attacker. You can see they didn’t do a very good job. They damaged the system itself, and if you walked up to this system and examined it prior to you putting your card in, you would notice that something about this did not look quite right. Some banks have tried to put some oddly-molded plastic around the outside of their ATMs as a way to try to prevent somebody from adding their own skimmer into the system. They might also put some type of colored or lighted piece of plastic on the outside, so you can see this is original to the ATM and not added by a third party.

Sometimes, attackers are going to use this credit card information that they’ve skimmed to perform online transactions, but sometimes the attacker needs another physical card to use. In that case, they’re going to clone the details of your card. They’ll create an exact duplicate of your credit card, with all the same numbers and information, and they’ll put even the same CVC, or card validation code, on the back of the card as well. The attackers are cloning the magnetic stripe that’s on the back of the card, so obviously they would only be able to use this card in transactions that took that magnetic stripe. The chips that are on the inside of our cards are not able to be duplicated and can’t be cloned by the attackers.

One very common use of magnetic stripes on cards is gift cards. The attackers will clone a gift card, they’ll wait for that card to be activated, and then they’ll use the gift card before the legitimate user is able to do so.