WEBVTT

00:00:00.000 --> 00:00:06.740 align:middle line:90%


00:00:06.740 --> 00:00:09.530 align:middle line:84%
So another physical device
that I want to show you

00:00:09.530 --> 00:00:13.500 align:middle line:90%
is called a Key Croc.

00:00:13.500 --> 00:00:18.740 align:middle line:84%
So this is designed to sit
between the actual USB keyboard

00:00:18.740 --> 00:00:20.490 align:middle line:90%
and the computer.

00:00:20.490 --> 00:00:24.380 align:middle line:84%
So this, again, is
another device from Hak5.

00:00:24.380 --> 00:00:26.600 align:middle line:90%
It's an Arduino-based device.

00:00:26.600 --> 00:00:29.133 align:middle line:84%
Again, it sits between the
USB keyboard and the computer.

00:00:29.133 --> 00:00:30.800 align:middle line:84%
So what this is, is
when you plug it in,

00:00:30.800 --> 00:00:32.750 align:middle line:90%
it operates as a keylogger.

00:00:32.750 --> 00:00:35.630 align:middle line:84%
So anything someone's
typing on the computer,

00:00:35.630 --> 00:00:37.430 align:middle line:90%
it's going to start recording.

00:00:37.430 --> 00:00:39.980 align:middle line:84%
So I can take a look at
passwords, usernames,

00:00:39.980 --> 00:00:42.080 align:middle line:90%
and other critical information.

00:00:42.080 --> 00:00:44.990 align:middle line:84%
And it's just passively
sitting there.

00:00:44.990 --> 00:00:48.740 align:middle line:84%
It's passing traffic through the
keyboard, through this device,

00:00:48.740 --> 00:00:50.030 align:middle line:90%
back to the computer.

00:00:50.030 --> 00:00:52.010 align:middle line:84%
Antiviruses generally
won't pick it up,

00:00:52.010 --> 00:00:54.650 align:middle line:84%
because it's not executing
a software payload.

00:00:54.650 --> 00:00:56.270 align:middle line:84%
It's just a physical
device sitting

00:00:56.270 --> 00:01:01.060 align:middle line:84%
there intercepting that traffic
before it passes it off.

00:01:01.060 --> 00:01:03.850 align:middle line:84%
So that's pretty
dangerous in itself.

00:01:03.850 --> 00:01:05.530 align:middle line:84%
What also makes this
really dangerous

00:01:05.530 --> 00:01:07.905 align:middle line:84%
is it's capable of launching
attacks that can be executed

00:01:07.905 --> 00:01:08.960 align:middle line:90%
by typing on a keyboard.

00:01:08.960 --> 00:01:13.690 align:middle line:84%
So it has the same scripting
payload as a USB Rubber Ducky.

00:01:13.690 --> 00:01:16.120 align:middle line:84%
And also, it has a
Wi-Fi adapter built in,

00:01:16.120 --> 00:01:19.300 align:middle line:84%
so I can remotely
trigger this thing,

00:01:19.300 --> 00:01:23.420 align:middle line:84%
or I can remotely transfer that
information that it collected.

00:01:23.420 --> 00:01:25.840 align:middle line:84%
So if I somehow
sneak in there, I

00:01:25.840 --> 00:01:28.700 align:middle line:84%
plug it in to someone's
computer - let's be honest,

00:01:28.700 --> 00:01:31.510 align:middle line:84%
how often do you look at
- follow all the cables

00:01:31.510 --> 00:01:34.060 align:middle line:84%
on your USB - cables
from your computer

00:01:34.060 --> 00:01:35.740 align:middle line:90%
to wherever it's going?

00:01:35.740 --> 00:01:38.720 align:middle line:84%
Probably not very often,
especially your keyboard.

00:01:38.720 --> 00:01:41.990 align:middle line:90%
So it's small.

00:01:41.990 --> 00:01:43.250 align:middle line:90%
It's inconspicuous.

00:01:43.250 --> 00:01:45.620 align:middle line:84%
I can trigger the
payload remotely.

00:01:45.620 --> 00:01:49.640 align:middle line:84%
I could have it transfer the
information from the device

00:01:49.640 --> 00:01:51.320 align:middle line:90%
back to me wirelessly.

00:01:51.320 --> 00:01:54.050 align:middle line:84%
And I don't even have to
get physical access back

00:01:54.050 --> 00:01:56.220 align:middle line:84%
to that computer again,
once I get it on there.

00:01:56.220 --> 00:02:00.840 align:middle line:84%
So again, that's a pretty
dangerous thing to have.

00:02:00.840 --> 00:02:03.740 align:middle line:84%
Now, the last one I want to show
you is called the USB Ninja.

00:02:03.740 --> 00:02:08.389 align:middle line:84%
So if we look at this, it looks
like any other Lightning cable.

00:02:08.389 --> 00:02:09.979 align:middle line:90%
It's simple.

00:02:09.979 --> 00:02:12.650 align:middle line:84%
Most people aren't
going to think, well,

00:02:12.650 --> 00:02:13.710 align:middle line:90%
it's something dangerous.

00:02:13.710 --> 00:02:16.790 align:middle line:84%
No, it's a Lightning
cable for your phone,

00:02:16.790 --> 00:02:19.710 align:middle line:84%
to charge your phone
or your device.

00:02:19.710 --> 00:02:23.630 align:middle line:84%
They also have USB-C
versions of this.

00:02:23.630 --> 00:02:28.360 align:middle line:84%
So this clever device is
similar to the USB Rubber Ducky.

00:02:28.360 --> 00:02:31.510 align:middle line:90%
So it's by the Hackerwarehouse.

00:02:31.510 --> 00:02:33.970 align:middle line:84%
It looks like an ordinary
USB charging cable.

00:02:33.970 --> 00:02:35.470 align:middle line:84%
Matter of fact,
when you plug it in,

00:02:35.470 --> 00:02:37.660 align:middle line:84%
it operates like a
standard phone cable.

00:02:37.660 --> 00:02:40.150 align:middle line:90%
So you plug it in the computer.

00:02:40.150 --> 00:02:42.487 align:middle line:84%
Well, if a malicious
hacker is using it,

00:02:42.487 --> 00:02:44.320 align:middle line:84%
they're hoping you plug
it in your computer.

00:02:44.320 --> 00:02:47.037 align:middle line:84%
Plug your phone in, and then
it's going to start charging.

00:02:47.037 --> 00:02:49.120 align:middle line:84%
Matter of fact, you can
charge your phone with it.

00:02:49.120 --> 00:02:52.457 align:middle line:84%
You could transfer
information back

00:02:52.457 --> 00:02:54.040 align:middle line:84%
from your phone to
your computer, just

00:02:54.040 --> 00:02:55.870 align:middle line:90%
like any other phone cable.

00:02:55.870 --> 00:02:58.015 align:middle line:84%
But it's capable of
launching attacks that

00:02:58.015 --> 00:03:00.040 align:middle line:90%
are typed on a keyboard again.

00:03:00.040 --> 00:03:02.140 align:middle line:84%
And it uses a
scripting language.

00:03:02.140 --> 00:03:03.490 align:middle line:90%
It can be triggered remotely.

00:03:03.490 --> 00:03:04.960 align:middle line:90%
I believe it's Bluetooth.

00:03:04.960 --> 00:03:07.768 align:middle line:90%


00:03:07.768 --> 00:03:09.560 align:middle line:84%
Again, it looks like
any other phone cable.

00:03:09.560 --> 00:03:11.430 align:middle line:84%
You could drop this
cable somewhere,

00:03:11.430 --> 00:03:13.430 align:middle line:84%
hoping someone's going
to pick it up and use it.

00:03:13.430 --> 00:03:16.650 align:middle line:84%
You could swap someone's
real phone cable with this.

00:03:16.650 --> 00:03:18.687 align:middle line:84%
And again, it's
pretty innocuous.

00:03:18.687 --> 00:03:21.020 align:middle line:84%
And it could be in conjunction
with a social engineering

00:03:21.020 --> 00:03:21.520 align:middle line:90%
attack.

00:03:21.520 --> 00:03:23.840 align:middle line:84%
I could go, oh, hey,
could I plug my phone

00:03:23.840 --> 00:03:25.730 align:middle line:84%
into your computer
and charge it?

00:03:25.730 --> 00:03:26.630 align:middle line:90%
I have a cable.

00:03:26.630 --> 00:03:29.435 align:middle line:84%
Or you could be
talking with someone.

00:03:29.435 --> 00:03:31.310 align:middle line:84%
While they're distracted,
you swap the cable.

00:03:31.310 --> 00:03:33.290 align:middle line:84%
Or you could hand someone
a cable and go, hey,

00:03:33.290 --> 00:03:36.470 align:middle line:84%
I bought you a phone cable
here to charge your phone.

00:03:36.470 --> 00:03:39.800 align:middle line:84%
I noticed your other one was
pretty old, so here you go.

00:03:39.800 --> 00:03:42.260 align:middle line:90%
Here's a phone cable.

00:03:42.260 --> 00:03:45.110 align:middle line:84%
And then remotely
trigger the payload.

00:03:45.110 --> 00:03:47.285 align:middle line:84%
And go, OK, well, they're
getting up to make a copy,

00:03:47.285 --> 00:03:49.160 align:middle line:84%
or they're going to the
bathroom or whatever.

00:03:49.160 --> 00:03:50.450 align:middle line:90%
Click.

00:03:50.450 --> 00:03:53.000 align:middle line:84%
Execute the payload
on their computer.

00:03:53.000 --> 00:03:56.720 align:middle line:84%
Again, these are all very
dangerous physical attacks

00:03:56.720 --> 00:03:58.480 align:middle line:90%
on the network.

00:03:58.480 --> 00:04:00.000 align:middle line:90%