An American developer has posted a video demonstrating how easy it is to gain full control over a computer using specially prepared USB device. Using a $20 microcontroller, small enough to wear around the neck, it's possible to gain control over a machine in seconds, simply by emulating a keyboard and mouse that automatically execute commands on the victim's machine. After the device has been removed, the computer can be remotely controlled by the attacker.
The device is called USBdriveby and can be considered an easy to use version of the BadUSB exploit. BadUSB is a hack that allows attackers to gain control over a computer using a modified USB microcontroller. The BadUSB hack is much more sophisticated as the victim could stick an infected USB device in their own PC and not even notice BadUSB is doing its job. However to use BadUSB technical knowlegde is required, USBdriveby makes hacking a computer over USB much easier.
USBdriveby requires an unattended computer and a couple of seconds to do its job. While it's running it's possible to see what it's doing and another requirement is that the currently logged in user has enough system privileges to actually make modifications to the system preferences. Nevertheless, USBdriveby shows that a cheap and small device can cause a lot of damage. After the USBdriveby has done its job the computer can be fully controlled by the attacker.
Currently the hack only works on OS X, but according to the developer it should be easy to make it work on Windows and Linux machines. The source code of USBdriveby has been posted on open source hosting service Github.
