BSidesTLV 2023

Barcode scanners are disguised windows to your Windows
2023-06-29, 14:20–14:45 (Europe/Oslo), Smolarz

This talk is about probing and attacking a host computer using barcode scans. I will demonstrate the ability to upload a file to the host computer and execute it using multiple 2D barcode scans. The attacks were tested on popular barcode scanners using their default settings. No barcode scanner programming is required. No cooperative software is required. No internet connection is required.

  • Self-introduction
  • Give a short introduction to barcodes
  • Give a short introduction to two-dimensional barcodes
  • Give a short introduction to common two-dimensional barcode scanners
  • Give a few simple examples of how to use keyboard shortcuts and commands in Windows 10 and 11 to execute commands and gather information
  • Talk about control keys usage
  • Explain why pauses are required and how to generate pauses:
  • Talk about typing pauses and show an example: Show how to run PowerShell as an administrator, with UAC approval
  • Give a short introduction of the tests setup (computer and barcode scanners)
    Tell the audience that all three models were used with their out-of-the-box default settings. None of the scanners were programmed to support the attacks.
  • Play a 1-minute video that shows how two-dimensional barcodes scans cause Windows to do the following:
  • Open a command-line window as an administrator
  • Open a PowerShell window as an administrator
  • Download and execute a file
  • Talk about uploading a file and executing it using multiple barcodes scans
    No network connection is not required.
  • Present the file uploading and execution sequence
  • Give a short introduction to Base64
  • Explain how the file can be uploaded and executed, using CERTUTIL for Base64 decoding
  • Explain how the file can be uploaded and executed, without using CERTUTIL for Base64 decoding
  • Play a 2-minute video that shows file uploading and execution demonstrations:
  • File uploading and execution with CERTUTIL
  • File uploading and execution without CERTUTIL
  • Talk about a vulnerability I spotted in self-checkout point-of-sale (POS) systems:
    Many of these systems open the POS software in full-screen display mode.
    It enables an attacker to hide a window behind the POS software using ALT-TAB.
  • Give a short summary of the talk
  • Give some recommendations on how to defend against barcode scan attacks.

I started my professional life more than 30 years ago, hacking games and developing tools in my teen years.
Since then, I worked in several companies, developing both hardware and software.
I have six years of experience with telecommunication systems design and circuits.
For 14 years, I led multidisciplinary systems development as a systems engineer in the aerospace industry.