Barcodes and barcode scanners are ubiquitous in many industries and work with untrusted data on labels, boxes, and even phone screens. Most scanners also allow programming via barcodes to manipulate and inject keystrokes. See the problem?
By scanning a few programming barcodes, you can infect a scanner and access the keyboard of the host device, letting you type commands just like a Rubber Ducky. This culminates in barcOwned - a small web app that allows you to program scanners and execute complex, device-agnostic payloads in seconds. Possible applications include keystroke injection (including special keys), infiltration and exfiltration of data on air-gapped systems, and good ol' denial of service attacks.
This session will be held bu Michael West, aka T3h Ub3r K1tten. Micheal is a National Technical Advisor at CyberArk who enjoys combining his software dev background with infosec to build tools for others. Michael was featured at DEF CON 26, has spoken at many BSides events around the US, and talks regularly at small events like the Dallas Hackers Association. His interests include OSINT, amateur radio, and scanning long barcodes on the beach.
Kom og lær hvordan selv frokostblandingen din kan gi deg tilgang til shell i ulike systemer! Og hvordan du kan beskytte deg mot dette!