A brief backstory first, to set up the attack.
I arrived at the end of Honda’s FCEV launch, extra unfortunately, because there was water involved, a simulated rainstorm, rare. Like the guy mopping up said, “ya you missed a good one”.
It was in celebration of their latest invention – hydrogen fuel cell technology. Don’t know much about it, you know how I feel about Hybrids, points to Honda for being so bold in their design (coming 2015)…
….but this is a security post, so!
Image may be NSFW.
Clik here to view.
I was taking the below photo, the crowd was starting to thin, and a well-dressed gentleman appeared to my left.
Image may be NSFW.
Clik here to view.
“Hi Keri, here’s the USB key with photos and the presentation, have a good show”. We smiled at one another, he left, I went back to photo-ing.
It wasn’t until later that it hit me, it was so perfect a moment, maybe too perfect.
The Attack:
At a busy event, it’s normal to see a face once and never again, if you notice many faces at all, because cars.
Then an “executive” appears all full of flattery… “hello, I am noticing you, you are a name, so it’s important that you get this information, because you and your opinion matter”… take this USB key, put it into you computer… pretty good right?!
Appear, praise the ego > give a USB key > melt away >
wait a few hours >access target’s computer
Image may be NSFW.
Clik here to view.
NOTE: I’m not at all saying this is what occurred, just that it’s in the realm of possibility (Honda and I know one-another a long time (and if this is the case, USB guy: please LinkedIn me.))
The Defence:
Never use a USB key you find laying around in public, or from a source you don’t totally trust.
Image may be NSFW.
Clik here to view.
The post The ‘USB to Ego’ Attack appeared first on KeriBlog.
