USB keystroke injection devices like the Diabolic Drive still pose a threat to unsuspecting users by installing malware to take over systems.
News
The Diabolic Drive’s name sounds as ominous as its potential payload. The recently developed USB wireless keystroke injection tool is intended to stress test networks, but could it potentially be used as a means to steal cryptocurrency from unwitting users?
The new gadget is set to be used by cybersecurity experts to test networks and business infrastructure against threats. As recent reviews highlight, the 64GB drive is Wi-Fi enabled once plugged into a system, allowing a user to access the connected device remotely.
According to a hardware review by Geeky-gadgets, the Diabolic Drive can fire a payload of a hypothetical malicious script remotely and can even be pre-programmed to execute commands as soon as it is plugged into a device.
These devices are impressive and scary. Amazing what can be built so easily and dangerous for those who are careless and don’t understand them. | Diabolic Drive is a penetration testing USB key with 64GB storage, ESP8266 and ATmega32U4 microcontrollers https://t.co/dBI6TTFhjq
— Scott C. Lemon (@humancell) July 7, 2023
Consider the scenario. You attend your favourite cryptocurrency conference and receive a nifty new USB as a gift from promoters on the floor. Plugging the device in after you open your laptop, the device has already begun injecting malware onto the system that will allow an attacker to steal your cryptocurrency holdings from your go-to wallet browser extension.
It’s a nightmare hypothetical scenario that still warrants some exploring of the “what if’s”. Cointelegraph reached out to a handful of cybersecurity firms to unpack the threat of a USB injection tool and the potential for attackers to steal your coins.
Zeki Turedi, CrowdStrike’s field CTO for Europe, said that USB keystroke and wireless keyboard/HID devices have been part of a penetration tester’s arsenal for many years:
“They simply allow, once the device has been plugged in, to run commands wirelessly or automatically into a victim’s machine. These devices themselves are not exactly malicious – it is the keystrokes that come after this that potentially could be.”
Turedi said that a device could then download malicious software giving an attacker control of the system. From there, the possibilities are endless, including the ability to “steal a victim’s crypto funds”.
A member of CertiK’s security team also told Cointelegraph that the Diabolic Drive could be used to steal cryptocurrency, while conceding that most devices would require physical access as well.
Related: How the IRS seized $10B worth of crypto using blockchain analytics
CertiK also noted that while hardware-based attacks were less prevalent in general, they were more likely to target individuals or entities with significant cryptocurrency holdings, due to their high value:
“The physical access these attacks require makes large crypto investors especially attractive targets for criminals.”
Turedi also noted that hardware-based attacks are still common for the cybersecurity industry to see and are most prevalent in supply chain contexts:
“A supply chain attack is a type of cyber event that targets a trusted third-party vendor who offers services or software vital to the supply chain. Hardware supply chain attacks compromise physical components for the same purpose.”
As for the simplest solution to avoid falling prey to a malicious, incognito USB compromising your system? CrowdStrike recommend using Next Generation Antivirus (NGAV) software that is able to detect and control what type of USB’s can interact with a system:
“Most of the keystroke tools appear to be a standard keyboard – this is why they are so difficult to block and why it is vital security teams deploy NGAV software.
CertiK takes it back to basics. Update your antivirus and operating systems and avoid plugging in USB devices or cables that you don’t fully trust or received unexpectedly:
“This applies even if the USB device seems to be from a reliable source or looks innocuous.”
More secure systems and networks might require “air-gapping”, where a user keeps a computer or device disconnected from the internet and local networks.
As Cointelegraph recently explored, rug pulls still remain a lucrative means for scam artists to prey on unsuspecting cryptocurrency users. Over $45 million was stolen in May 2023 through rug pulls and exit scams.
Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.
Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story