Teensy USB Review

Posted by Ace Hackman on

Teensy
Actual size is 1.2 by 0.7 inch 
The Teensy USB Development Board is a complete USB-based microcontoller development system. Only a standard Mini-B USB cable is needed to connect to a PC or Macintosh.  This version has solder pads for all I/O signals.

Overview:

A Teensy is like a "mini me" for a hacker.  Just about anything you can type at the keyboard, the Teensy can do, only faster and without typos.  Since it's recognized as a USB keyboard by the operating system, you don't have to worry about the computer being configured with Autorun disabled.  Once the drivers are loaded, the computer accepts any keystrokes that are programmed from the Teensy.

Pros:

The Teensy has a wide variety of uses.  In addition to acting as a USB keyboard, it can be used to control different devices, robotic and otherwise.  The hacker community has also developed several use cases and example code for this device to enable maximum fun and profit.  Example enhancements include attaching an 8-pin dip switch to the Teensy to enable up to 256 different payloads on the fly as well as attaching an SD card reader for transferring data to and from the target computer.  There's even one implementation of a Teensy being hidden inside a functional mouse with a bluetooth radio to allow for remote control!  For the hacker just getting started with Teensy, there are several pre-made programs in the Social Engineering Toolkit (SET) that can be easily loaded onto the Teensy for quick pwnage of a target computer to gain a remote shell, etc.  At less than $20, it's hard to beat the price as well.

Cons:

Unless you have knowledge of C programming, you're pretty much stuck with programs created by the comunity.  It's also a bit of a pain programming the Teensy, since flashing your program involves rebooting the device and hence, running the risk of "pwning yourself" in the process.  One way around this is to use Linux machine when programming for Windows pwnage.  In addition, it requires you to install several programs such as the "Teensy Loader" application as well as the Teensyduino and Arduino applications.  When installing, you have to be careful to make sure the versions of each application are compatible.

Real World: 

After meeting with a more "advanced" client, it was determined that the typical "Infected Media Drop" attack wasn't going to be effective.  While most organizations hadn't invested the time, effort and political capital in disabling Autorun, this organization took workstation security seriously.  This place even disabled USB storage devices all together!  Ace knew he would have a challenge on his hands.  Instead of just handing an employee a trojaned thumb drive, Ace would have to be more clever than that.  After casing the joint and deciding on the "meeting with an unavailable employee" scenario, he sat in the reception area.  Once he chatted it up with the receptionist, mentioning several times about how thirsty he was, she, of course, offered him a drink.  With only a few minutes of physical access to her workstation, he would have to be efficient in his pwnage.  Luckily he was prepared with the Teensy!  As soon as the receptionist turned the corner toward the breakroom, Ace sprung into action, plugging the Teensy into the USB port.  He watched with anticipation as the Windows 7 desktop loaded the drivers and then launched his attack.  Ace could feel his heart racing as he saw the command prompt open and characters fly across the screen.  In less than one minute, the Teensy had created the payload and executed it, connecting to the BackTack server on the internet and downloading a Metasploit Meterpreter "reverse shell" on the receptionist's desktop.  Ace quickly removed the Teensy and returned to the other side of the desk.  As she returned, Ace received a text message, informing him that the reverse shell connection had been established.  After thanking her for the drink, Ace told the receptionist he just got a text from his contact that they would have to reschedule their meeting.  Another day, another company owned!
 

Links to more information:



Information on programming a Teensy - http://www.pjrc.com/teensy/

Using the Social Engineering Toolkit (SET) with Teensy - http://www.offensive-security.com/metasploit-unleashed/SET_Teensy_USB_HID_Attack

← Older Post Newer Post →