Ask HN: What stops a random USB device from rooting Windows?
Ok so I’m learning computer security and I had an idea for an attack method and it’s so simple I wanna know if it’s already put into practice.
Basically it would be a USB device that tells the Windows system it’s a generic keyboard+mouse. Then it would simulate the entry of input something like: 1) WinKey + R 2) cmd.exe [enter] 3) [enters or pasted a malicious script] 4) await UAC prompt. Click pre-calculated dimensions for the button based on screen size/dpi ratio..
Now the entire system is rooted in under 2 seconds.
Can someone explain what mitigations if any Microsoft has put in place (prior to the recent ASR which is new and probably also vulnerable?) to disable this [fake mouse and keyboard attack] ?
18 comments
[ 2.9 ms ] story [ 46.0 ms ] thread[0] https://shop.hak5.org/products/usb-rubber-ducky-deluxe
[1] https://sequr.be/blog/2021/02/attiny85-rubber-ducky/
The people for whom this would be most useful already have the resources to build it themselves!
https://github.com/joer14/hackers-doorbell
> USB Keyboard Guard
> Protects you against manipulated USB devices that pretend to be keyboards, even though they look like USB sticks or external hard drives.
it has no way of telling that that device isn't a logitech keyboard, and can't tell that it's not the user opening up elevated cmd.exe and accepting the prompt
> Kaspersky Endpoint Security's technology will not authorize any HIDs unless the user inputs a code using a HID already authorized to do so.
If they are an admin, they could just do this manually.
Either way, no privilege escalation, which "rooting" typically implies.
Sure, you could make a USB stick that automates any user input, but you could just make the same inputs yourself with the keyboard and mouse already at the machine. What kind of situation does this actually benefit you in?
The reason you can't is because many newer wireless devices have encryption, but how many people know or care when they buy one?
I spent a not insignificant amount of time looking into this, but for the purpose of making a game AI, not for hacking other people's computers.