Beware Used or Discount Devices

Because of the introduction of BadUSB, some cybercriminals have been modifying hardware peripherals with some extra storage, some wireless and remote connectivity, and a lot of quality hacker ingenuity.

keyboard_animation
Keyboard with a hardware keylogger built into it

This type of genius is nothing new in the hacker scenes, as far back as four years ago, a security company was able to create the “Trojan Mouse” as described in Forbes, where a mouse was opened up, a USB drive was placed into it, and it was resealed and mailed to a specific user at the target company. When the mouse was eventually plugged in, the malware ran, opened a connection to the outside, and allowed full access into the company.

Many instructions are online on how to open up USB peripherals and attach a USB to them, opening the door for cyber theft and spying. Sale of these devices are now common through garage sales, flea markets, and Craigslist and eBay among other popular sale websites. If a cyber criminal is going to convince you to buy a hardware exploit to use on you, he/she might as well get paid!

When shopping for mice, keyboards, or anything that has USB, try to go for new, factory sealed devices. Though there is speculation that the NSA (very interesting read) and Chinese manufacturers are trying to infect the source of the supply line, at least the company will be there to assist with replacement of the devices or in the very least, a company to sue.

This entry was posted in Security Blog and tagged , , , , , , , , , , , , , . Bookmark the permalink.