evil USB dongles

Just when you thought you've seen it all:
Here's a new twist:



There are NOT USB drives!
They pretend to be a KEYBOARD and send the Windows sequence
WINDOWS-KEY-R for "run command"
followed by a command sequence to bring up a web browser to their URL
This gets around any disabled "autoplay"!
Of course, it's free to run ANY command it wants. Danger, Will Robinson!

Google for the ID string
ID 05ac:020b Apple, Inc. Pro Keyboard [Mitsumi, A1048/US layout]
and you'll read how they're being mailed to people as advertising! BEWARE!

click here to see the full ID for the Emulex card,
click here for the full ID of the McAfee card.

Looking Inside

I tried to open mine but the glue's stronger than the solder.
But that's okay, I can now poke around the serial EEPROM just like those who declawed the CueCat! (more here) (and wiki).

This clever fellow documented how it works.
Since I use Linux, here's more detailed info: All I saw on the screen was:
r^[O119119119046101109117108101120046099111109047098117122122
Deciphering the ALT keyboard sequences reveals:
119 w
119 w
119 w
046 .
101 e
109 m
117 u
108 l
101 e
120 x
046 .
099 c
111 o
109 m
047 /
098 b
117 u
122 z
122 z

I intend to
  1. Read the EEPROM and see if it can be re-purposed
  2. Trace the PCB to see if it's easy to assert signals for programming the EEPROM
  3. Find a way to open it without damage, perhaps a proper glue solvent

Other Resources

Plug and Prey: Malicious USB Devices Presented at Shmoocon 2011 by Adrian Crenshaw
Abstract
This paper is meant as an overview of malicious USB devices. The paper will first lay out a proposed set of categories for malicious USB devices, how these categories function, how they differ, and how they can be used by an attacker. Next the paper will offer information on how these threats can be technically detected and mitigated, as well as human practices that can help alleviate the threats posed by malicious USB devices.

Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device
The Phantom Keystroker acts as a keyboard/mouse USB HID (Human Interface Device) to send keystrokes, move the mouse pointer around randomly, toggle caps lock and other things to annoy your co-workers and loved ones.

D-I-Y USB Arduino emulates a keyboard to deploy payloads.
All of the attack vectors have been added to the Social-Engineer Toolkit (SET) v2.0.

Russell Butturini - Using the Hak5 U3 Switchblade as an Incident Response and Forensics Tool (Phreaknic 12)
This talk will explain how to adapt the Hak5 switchblade, originally conceived as an attack/pen-testing tool into an incident response and forensics tool using different utilities. Adaptations of the original solution using a non-U3 drive and a more automated solution using U3 technology will be discussed.