Implementation of a Password Stealing Attack Against Saved Passwords in Computer Browsers Using the Digispark Attiny85
DOI:
https://doi.org/10.56706/ik.v17i1.69
Keywords:
Digispark, Password, password stealing attack, malicious software
Abstract
Passwords are the most commonly used authentication method. However, their use poses a problem: users must continually remember their passwords. The solution to this problem is to use a password manager. Today, there are password managers integrated into computer browsers. Unfortunately, the security of such a password manager does not fully protect the user's personal data, because the passwords stored in it are kept in a file. A malicious party can exploit this to steal the saved password file by carrying out a password stealing attack using malicious software (malware). Among the many types of malware, there is malware that can be run using a universal serial bus (USB) microcontroller. The USB interface remains an area open to attack because the firmware of USB devices cannot be detected by antivirus software. Therefore, this research implements a password stealing attack to steal the saved password file using a USB microcontroller device and provides knowledge about the impact caused by such an attack. The USB microcontroller used in this research is the Digispark Attiny85. The implementation stages consist of defining the functions, writing the program, conducting trials, and analyzing the impact. After implementing and testing the password stealing attack on the Digispark Attiny85, the result obtained is that the password stealing attack can be implemented on the Digispark Attiny85, as evidenced by the theft of the saved password file and by all functions of the program running as intended.
Copyright (c) 2023 Info Kripto

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.