ASafety - AntiSecurity: a project that will stay close to your heart...

Hacking wireless presenters with an Arduino and Metasploit


Post by x[@♥] » Tue 6 Jul 2010 08:02


Mag-ni-fi-cent! A genuine study, complete and demonstrative, on subverting a slideshow remote control. Indeed, it is possible to control one's slides remotely during a conference or a thesis defense using small devices fitted with a USB transmitter and a receiver.

What tipped off the author of the research was the fact that when the device is installed on his machine, it is detected and installed as a "keyboard". So, how can the packet transmission of this type of device be subverted to extend its slideshow-related features into a real keyboard? (or even shellcode injection).

This is what "Niels Teusink" presents to us:

I gave a presentation this week at Hack in the Box in Amsterdam about hacking wireless presenters (slides here). My demo showed how I could abuse vulnerabilities in the product to get a Metasploit payload on to the PC of someone using a wireless presenter, by just sending keystrokes to it. This article describes how I did it and why you may be at risk if you use any wireless input device (such as a wireless mouse).

A lot of security research has been done on wireless keyboards in the last couple of years. 27MHz keyboards were attacked successfully and can be sniffed using a home-built device. The same researchers took on modern 2.4GHz devices as well at the end of last year.

At the beginning of this year, I started to look at the security of wireless presenters. The one I had, a Logitech R-R0001, is a 2.4GHz presenter. I used it while giving my talk at HAR2009 last summer, so I was curious about the risks involved with its use. When you plug the accompanying USB dongle into your laptop, a new keyboard is detected; you can then use the presenter to control your PowerPoint presentation. So basically a wireless presenter is just a wireless keyboard with only a couple of buttons. For example: If you press the 'next slide' button, the dongle simulates a page-down keystroke and PowerPoint displays the next slide. One of the things that worried me was: could someone in the audience send a 'next slide' command to the dongle in order to go to the next slide before I wanted to do so? Or worse: could he send random keystrokes to my laptop (after all, the device is a keyboard!). Wouldn't it be fun if you could make a random message appear on Steve Jobs' (or Steve Ballmer's) screen when he's giving his latest keynote? Needless to say doing so may be a criminal offence in your country.

In short: yes you can. Someone in the audience can control the slides and can send any keystroke you want to the victim, as if they were sitting at the keyboard. You can build a device to do this using an Arduino and a wireless module for about €30.


Full article and study here!

The document contains many references to tools and articles; I'll single out one in particular, the one from "remote-exploit" on building a radio scanner / keylogger for generic wireless keyboards.

Have a nice day!

x[@♥]
Posts: 1115
Joined: Mon 21 Sep 2009 15:21
Location: On the root
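
A defensive check that follows from the article's observation that the presenter is a keyboard with only a couple of buttons: any other key code arriving from the dongle's input device did not come from the presenter. This is an added example, not code from the article or from this post; it assumes the 64-bit Linux evdev `input_event` layout, and the allowed button set (beyond page-down) and the sample capture are constructed for illustration.

```python
import struct

# Linux evdev `struct input_event` as laid out on 64-bit kernels (assumption):
# timeval (two int64), u16 type, u16 code, s32 value = 24 bytes.
EVENT = struct.Struct("<qqHHi")
EV_KEY = 0x01            # key/button event type
PRESS, REPEAT = 1, 2     # value 0 is a key release

# Key codes from linux/input-event-codes.h. Only page-down is named in the
# article; the rest of this button set is an assumption for illustration.
PRESENTER_KEYS = {
    104: "KEY_PAGEUP", 109: "KEY_PAGEDOWN",
    63: "KEY_F5", 1: "KEY_ESC", 52: "KEY_DOT",
}

def parse_events(raw: bytes):
    """Yield (seconds, type, code, value) for each record in an evdev capture."""
    if len(raw) % EVENT.size:
        raise ValueError("capture is not a whole number of input_event records")
    for sec, usec, etype, code, value in EVENT.iter_unpack(raw):
        yield sec + usec / 1e6, etype, code, value

def unexpected_keys(raw: bytes):
    """Return (time, key code) for every key press the presenter cannot produce."""
    return [
        (ts, code)
        for ts, etype, code, value in parse_events(raw)
        if etype == EV_KEY and value in (PRESS, REPEAT) and code not in PRESENTER_KEYS
    ]

def _key(sec: int, code: int, value: int) -> bytes:
    """Build one constructed EV_KEY record followed by its EV_SYN report."""
    return EVENT.pack(sec, 0, EV_KEY, code, value) + EVENT.pack(sec, 0, 0, 0, 0)

# Constructed capture from the dongle's event device: two slide changes, then
# keys no presenter button maps to (KEY_H=35, KEY_I=23, KEY_ENTER=28).
SAMPLE = b"".join([
    _key(10, 109, 1), _key(10, 109, 0),
    _key(42, 109, 1), _key(42, 109, 0),
    _key(60, 35, 1), _key(60, 35, 0), _key(60, 23, 1), _key(60, 23, 0),
    _key(61, 28, 1), _key(61, 28, 0),
])

if __name__ == "__main__":
    for ts, code in unexpected_keys(SAMPLE):
        print(f"t={ts:.0f}s unexpected key code {code} from presenter dongle")
```
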
