Home > Articles > Cisco Network Technology > General Networking > Getting Owned: The USB Keystroke Injection Attack

Getting Owned: The USB Keystroke Injection Attack


  1. World Views
  2. The Technology
  3. A Weaponized Key
  4. Summary

Article Description

What do you call a USB-based device that can bypass all AV and autorun policies? Although most would consider it a perfect mischievous attack vector, Hyundai has used it as a tool to build customer loyalty. This leaves Seth Fogie wondering: Are people planning to use this technology maliciously?
The Technology

The Technology

At first glance, the Hyundai key looks like a standard USB drive. While it has the common form factor that many other vendors use to promote their product, the device is not used for data storage.

Instead, Hyundai has recruited the talents of Tenx Technologies Inc. to create a USB keyboard emulator that is automatically detected as a USB-based keyboard by the host operating systems. Once the OS recognizes the device as a keyboard and configures the port to receive "keystrokes," the chip on the USB key complies and sends a predefined set of keyboard strokes to the awaiting computer. Figure 2 shows us how OSX's USB Prober sees the device.

Figure 2 USB Prober

The end result is that the computer opens an Internet browser and retrieves the Hyundai website content.

Based on testing, the USB key has the capability to detect which operating system the host system is running (Windows/OSX) and can alter the keystroke combination accordingly.

The following details the keys entered on each of the OS:



Figure 3 provides a shot of the key in its disassembled state. Note that the chip is coated with epoxy to prevent tampering/reverse-engineering.

Figure 3 Hyundai key disassembled

3. A Weaponized Key | Next Section Previous Section