The ‘USB to Ego’ Attack

A brief backstory first, to set up the attack.

I arrived at the end of Honda’s FCEV launch, extra unfortunately, because there was water involved, a simulated rainstorm, rare. Like the guy mopping up said, “ya you missed a good one”.

It was in celebration of their latest invention – hydrogen fuel cell technology. Don’t know much about it, you know how I feel about Hybrids, points to Honda for being so bold in their design (coming 2015)…

….but this is a security post, so!

I was taking the below photo, the crowd was starting to thin, and a well-dressed gentleman appeared to my left.

“Hi Keri, here’s the USB key with photos and the presentation, have a good show”. We smiled at one another, he left, I went back to photo-ing.

It wasn’t until later that it hit me, it was so perfect a moment, maybe too perfect.

The Attack:

At a busy event, it’s normal to see a face once and never again, if you notice many faces at all, because cars.

Then an “executive” appears all full of flattery… “hello, I am noticing you, you are a name, so it’s important that you get this information, because you and your opinion matter”… take this USB key, put it into you computer… pretty good right?!

Appear, praise the ego > give a USB key > melt away >
wait a few hours >access target’s computer

NOTE: I’m not at all saying this is what occurred, just that it’s in the realm of possibility (Honda and I know one-another a long time (and if this is the case, USB guy: please LinkedIn me.))

The Defence: 

Never use a USB key you find laying around in public, or from a source you don’t totally trust.




Comment with Facebook