I joined the Security Interest Group in our workplace, and one of my quests is to make it my secondary job, since I'm interested in security-related programs, vulnerability assessment and protection.

One of my concerns right now is how to find relevant information to prove that the improper use of a typical USB flash disk (thumb drive) is a security threat to our workplace. Then I stumbled upon the Hak .5 video podcast episode 2×03 regarding USB Hacksaw:

The USB Hacksaw is an evolution of the popular USB Switchblade that uses a modified version of USBDumper, Blat, Stunnel, and Gmail to automatically infect Windows PCs with a payload that will retrieve documents from USB drives plugged into the target machine and securely transmit them to an email account.

Sounds cool and dangerous.

I tried the proof of concept and I wasn't able to get the expected result because one of the programs was detected as a trojan. I am using a corporate anti-virus during my test. If you are not using an updated anti-virus, good luck.

The USB Switchblade is supposed to silently steal information from a victim PC running Windows 2000, XP or 2003, while the USB Hacksaw is supposed to copy the files of an unsuspecting user of your PC. The Switchblade can be defeated by disabling the autorun option in Windows and using an updated anti-virus. However, it is not guaranteed that this precautionary measure will really help the victim. At this moment, the password recovery tool is yet to be encrypted. Using an anti-virus disabler can also let the Switchblade do its job unnoticed. The thing is, with USB Hacksaw, the hacker (host PC) may have overridden his or her anti-virus program so that the stealthy program does its job of copying the whole content of the victim's USB drive.
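The autorun mitigation mentioned above can be checked rather than assumed. The following is an added example, not part of the original post: a Python audit of the Windows `NoDriveTypeAutoRun` policy value that reports which drive types may still AutoRun. The function names and the sample mask `0x91` are constructed for illustration.

```python
"""Audit the Windows AutoRun policy bitmask (NoDriveTypeAutoRun)."""

POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"

# A set bit disables AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "unknown-reserved",
}


def autorun_enabled_for(mask):
    """Return the drive types that may still AutoRun under this mask."""
    return sorted(name for bit, name in DRIVE_BITS.items() if not mask & bit)


def audit(hklm, hkcu):
    """Evaluate the policy; None means the value is absent in that hive."""
    mask = hklm if hklm is not None else hkcu  # HKLM overrides HKCU
    if mask is None:
        # Nothing configured: the OS default applies, so do not assume it is off.
        return {"configured": False, "mask": None, "enabled": None, "compliant": False}
    enabled = autorun_enabled_for(mask)
    return {"configured": True, "mask": mask, "enabled": enabled, "compliant": not enabled}


def read_mask(hive_name):
    """Read the live value; None if absent or when not running on Windows."""
    try:
        import winreg
    except ImportError:
        return None
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), POLICY_KEY) as key:
            value, _ = winreg.QueryValueEx(key, VALUE_NAME)
    except OSError:
        return None
    # The value may be stored as REG_DWORD (int) or 4-byte REG_BINARY (bytes).
    return int.from_bytes(value, "little") if isinstance(value, bytes) else int(value)


if __name__ == "__main__":
    print(audit(0x91, None))  # constructed sample mask
    print(audit(read_mask("HKEY_LOCAL_MACHINE"), read_mask("HKEY_CURRENT_USER")))
```

A compliant result covers only the autorun setting on the machine being audited; it says nothing about a host PC that copies the contents of drives plugged into it.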

When you read things like this, you will have second thoughts about plugging someone else's thumb drive into your PC or laptop, or using your thumb drive in someone else's PC or laptop. There are some flash disks with password protection and encryption, but I doubt that it will be useful at all. So the next time you use a flash disk, handle it with care because it is regarded as a security threat.

Links:
Hak .5 Wiki – USB Hacksaw

  • w00t! So how would I know if my flash disks have something like that? Scary… waaa… is a freeware antivirus program like AVG enough to stop it?

  • MV

    It’s impossible to tell if your USB is being copied by a Hacksaw since the USB Hacksaw is hosted in someone else’s PC, not in your flash drive. If your USB LED indicator is flashing like mad even if you are not accessing the flash drive, perhaps the host PC has a Hacksaw.

    In the case of Switchblade, for the love of your PC, don’t insert a flash drive of a person you do not trust. However, the password stealer can be detected at the moment since it is not encrypted. It can be improved and engineered to stop your AV from detecting it or stop the AV engine entirely.
