Skip to content

Latest commit

 

History

History
117 lines (67 loc) · 3.65 KB

File metadata and controls

117 lines (67 loc) · 3.65 KB

Using Legos as a Malware Attack Vector

Simple demonstration on how to make LEGOS a vector for propagating malware.



One day I asked myself ...
Is it possible to use apparently harmless objects for the purpose of spreading malware?
The answer is: Of course yes ...

How does it work?

In the end it is very simple, even if a little laborious, to recreate a similar attack.
In practice, just create a QR-code that contains the connection to a server (or web page)
that contains the malicious code, and then reproduce it with Lego bricks.

In my example I have used a simple CSS attack, which is capable of crashing various browsers.
The attack has now been largely mitigated, but it still does its job,
especially on outdated devices, or out-of-date browsers.

More info: https://github.com/JonnyBanana/BANANA_CRASHER


Obviously this is just an example for testing purposes, but malware of any kind
can be processed, and then repurposed with this technique.



How it was done?

1: Creation of code that will be inserted in a web page(also Github is good).
Or you can use the attack I used in the example: https://github.com/JonnyBanana/safari-ie-reaper.github.io

2: Insert the infected web page into a QR Code.
just use a web service like this: https://qr-code-generator.com/

3: Print the QR Code.

4: Sectorization of the QR-code.
You can easily use some programs, but I wanted to have fun and I did it "old school style".
If you opt for the program, perform this step first before printing the QR Code.



5: Now it's time to figure out how many blocks of lego bricks you need,
once you have a clear idea it's time to spend on ebay...

I think I spent about € 50 on LEGO bricks, to recreate the QR Code.
Obviously, leaving some bricks for future projects. You need both LEGO PLATES
(for the bases and the creation of the QR-CODE blocks)
and LEGO BRICKS (to hold the base together).

6: Once you have all the pieces, you must then reproduce the QR Code exactly with the LEGO bricks.

7: It's time to test!
If all went well, the QR Code will be read easily by any QR Code Reader!
If it doesn't work, try to figure out where the wrong block (s) is,
otherwise unzip everything and start over.


See on YouTube Here:

BQOD


See also "Lego Pirate Caravan with Raspberri Pi & Pimoroni Pi HAT":

BQOD


This is just one of the umpteenth demonstrations of how to use an object
for a different (or contrary) purpose to that for which it was created.
This was just one of the easiest ways to do it...

I hope you enjoy it.