June 27, 2011 AT 4:10 pm

Hackers pierce network with jerry-rigged mouse (and a Teensy)

Mouse Guts

Hackers pierce network with jerry-rigged mouse

When hackers from penetration testing firm Netragard were hired to pierce the firewall of a customer, they knew they had their work cut out. The client specifically ruled out the use of social networks, telephones, and other social-engineering vectors, and gaining unauthorized physical access to computers was also off limits.

Deprived of the low-hanging fruit attackers typically rely on to get a toe-hold onto their target, Netragard CTO Adriel Desautels borrowed a technique straight out of a plot from Mission Impossible: He modified a popular, off-the-shelf computer mouse to include a flash drive and a powerful microcontroller that ran custom attack code that compromised whatever computer connected to it.

For the attack to work, the booby-trapped USB Logitech mouse had to look and behave precisely the same as a normal device. But it also needed to include secret capabilities that allowed the mouse to do things no user would ever dream possible.

The Teensy microcontroller programmed by the Netragard hackers was programmed to wait 60 seconds after being plugged in to a computer and then enter commands into its keyboard that executed malware stored on the custom-built flash drive snuck into the guts of the Logitech mouse. To squelch warnings from McAfee antivirus, which was protecting the customer’s PCs, the microcontroller contained undocumented exploit code that subverted the program’s dialogue boxes to evade detection.

Read more!


Check out all the Circuit Playground Episodes! Our new kid’s show and subscribe!

Have an amazing project to share? Join the SHOW-AND-TELL every Wednesday night at 7:30pm ET on Google+ Hangouts.

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Learn resistor values with Mho’s Resistance or get the best electronics calculator for engineers “Circuit Playground”Adafruit’s Apps!



2 Comments

  1. Hmm… well, that’s a different take on a plague-carrying-mouse! 8-O

  2. gaining unauthorized physical access to computers was also off limits.

    So how did they hook up the mouse? By magic. Or maybe it was an inside job, either way they broke the rules and fail.

Sorry, the comment form is closed at this time.