The Human Interface Device Attack Vector: Research and Development

In recent years, remote exploitation and usb auto-run have become less reliable methods of gaining a foothold inside a target organization. However, blended “cyber-physical” social engineering attacks have shown high rates of success and low rates of detection. The malicious emulation of human interaction will continue to remain a powerful technique in the offensive arsenal for as long as humans need to interface with computers. This talk discusses the Human Interface Device Attack Vector and the design and creation of trojan usb and bluetooth mice and keyboards, which can be employed effectively by anyone who can gain physical access or able to deceive someone who has the required access, such as second-story men, disgruntled employees or social engineers.

Presented by