Samy Kamkar (samy.pl) is an amazing security researcher. He used a Teensy to prove how easy it is to hack anything. A Teensy device is quite expensive and not a common piece of hardware. So we decided to turn an ordinary Arduino Uno into a malicious pwnDuino to prove how easy it is to hack anyone.
What it does
The client-side Python script images your Arduino Uno into a malicious pwnDuino. From there, you will be able to plug that pwnDuino into any computer, automatically pwning it. It will download a malicious VBScript payload that enables us to conduct malicious activities on the compromised computer, as well as establish a persistent connection to the computer through the pwnDuino app, available on Android.
How we built it
We utilized Android Studio and Atom.io to build the entire framework. Code for the Arduino was written in the Arduino IDE.
Challenges we ran into
Compiling the code was always problematic, as the malicious pwnDuino malfunctioned a bit, especially when attacking our dummy Windows computer.
Accomplishments that we're proud of
We were able to build an entire framework (still a WIP, however) in 12 hours. We felt that this would be a great PoC for the hacker community.
What we learned
Hardware-software interactions are usually difficult to control, and writing code that translates from the computer to the hardware can often be problematic.
What's next for pwnduino
Writing a legitimate VBScript payload that can cause mayhem on a supposed target computer.