T&L Publications

Not sure where to ask this question but maybe you can suggest a better place to post, if not here.

I have just received a remarkable piece of technology. Was mailed to me by my health insurance company, Blue Cross, (verified) in an envelope with a letter. Was obviously part of a mass mailing to their in-state subscribers. The thing itself is a tear-off cardboard, chip based USB thingee. The instructions say insert into USB port and watch our product videos. After making sure that it did in fact came from Blue cross I did just that. It immediately opened a browser window on my Mac and re-directed to the BC web site with the videos they said would be there to watch.

I don't understand how this brilliant marketing idea could have been programmed into such a cheap (throw away) item. How did it override my OS and launch the browser without any on-screen dialog? I assume it would do the same on a Windows PC.

Is this similar?
http://www.ebuyer.com/blog/2014/01/disp ... -transfer/ This is typical of several I found.
Just open the standard USB drive, not too much inside at all.
Consider the size of the micro SD cards!

Hi,

Yes those things are remarkably small.
I have one that is 32GB and smaller than my fingernail, or maybe the same size about. Even the slot it plugs into is so small.

They also have USB On The Go drives now, which have the mini USB connector not the normal size USB connector, and some have both types of connectors.

Ok, I jumped before Googling. The device I am talking about is not for storage! It is called a "USB Web Key".
It's purpose is to automatically
1. Open the browser on the Mac or PC it is inserted into
2. Redirect the browser to the vendor's web site.

In further reading I learned that it is pretty simple, a micro in the device starts up, runs some code, grabs a pre-programmed URL from it's eeprom, fires it into the computer and off you go. Thing is, I have a Mac and nothing, but nothing, is supposed to take over the OS to launch an app unless the user does something, or there is dialog on the screen. I have gone to a Mac forum and posted to find out what kind of codes this thing is sending (it is considered an HID - Human Interface Device - somewhat like one is typing through a USB connected keyboard) Getting nowhere in that forum
Beside the micro's operating code the Key only has to store the URL so it is not a USB drive as such.

Here's one source that has a good description of the product.
http://www.cnboesy.com/products/webkey/ ... _kits.html

Oh yes, I got no email notice that ya'll had posted replies. What's with that?

Hi,

Not sure if this helps or not, but under Winblows (oh gee, did i spell it wrong...so sorry MS <ha ha>) all you have to do is run the name of the browser and append the url path, for example:
Browser.exe http:\\www.thatsite.com
and it opens in the browser.
I used "Browser.exe" for the name of the browser program, which will vary depending on what browser you are using, and you may even get away with just the url:
http:\\www.whateversite.com
and that will open in the default browser.
Note in this last example you dont even have to specify an .exe program as it uses the default for that application extension or whatever. It may be sneaking by because of that.

seems like that could be devious...what if someone laid a virus on them, left a bunch of them laying around as freebies for something that does not exist ( like a free game etc. ) and some dumb schmuck
put it into his computer, and gets a instant virus...would your antivirus even intercept it ?
or just as bad, put all kinds of malware or such on it.

Well, if it only needs to be inserted once or a few times, then cardboard would be suitable, that plus a suitable low cost memory and some kind of printed flexible circuit technology and it would be economical. Since these few years since obamacare passed we have been inundated by more health care advertisements than political ads in an election year, I'm not surprised they would resort to high end gimmicky ways to get you to their site.

it's only low cost in high volume, I doubt a hacker would be attracted to it as a more effective "Vector" as evidence I point out the care in which the OP gave it before running it. OTOH, since it is new and unfamiliar, it makes it ideal for such attacks if they can find an exploit.

Well, if it only needs to be inserted once or a few times, then cardboard would be suitable, that plus a suitable low cost memory and some kind of printed flexible circuit technology and it would be economical. Since these few years since obamacare passed we have been inundated by more health care advertisements than political ads in an election year, I'm not surprised they would resort to high end gimmicky ways to get you to their site.

it's only low cost in high volume, I doubt a hacker would be attracted to it as a more effective "Vector" as evidence I point out the care in which the OP gave it before running it. OTOH, since it is new and unfamiliar, it makes it ideal for such attacks if they can find an exploit.

I think I have heard of this in the form of a business card or distributed at trace shows, that's where I would expect to see it most.

Double posting?
Maybe malware got into our forum?

Sounds like it takes advantage of the AutoRun feature.

CeaSaR

https://www.intellipaper.info/technology/

Saw this link and thought I'd share it.

CeaSaR

Want a surprise?
Put an obsolete credit card in acetone. Cover it completely. After a few hours the card is dissolved and can be peeled apart to see the magic inside. Near field cards have more to see

Enjoy.....


...