PM
Uploaded byPradhap M
PDF, PPTX794 views

BAD USB 2.0

The document discusses how USB devices contain hidden microcontrollers that can run malicious firmware. The firmware can be reversed engineered and patched to carry out attacks like diverting network traffic or emulating keyboard input. No effective defenses against USB attacks currently exist since the firmware is hidden and can be updated.

In this document
Powered by AI

Introduction to BadUSB and the notion of USB devices having hidden microcontrollers.

Overview of the initialization steps required for USB devices, including powering on and firmware setup.

Techniques for reversing firmware and applying heuristics to find specific USB descriptors.

Methods to patch USB firmware including sniffing update communications and replaying commands.

Description of how USB devices can spoof Ethernet adapters to intercept DNS queries for attacks.

Various possible USB attacks including emulating keyboards and executing BIOS updates.

Challenges in defending against USB attacks and suggested preventive measures.

Conclusion and thanks to the audience.

Embed presentation

Download as PDF, PPTX
PRATHAP M RAJA RATHINAM M IRTT(ERODE) BadUSB — On accessories that turn evil
USB devices include a micro-‐controller, hidden from the user 2 8051 CPU Bootloader USB controller Controller firmware Mass storage Flash The only part visible to the user
USB devices are initialized in several steps Power-‐on+ Firmware init Load driver Register Set address Send descriptor Set configuration Normal operation Optional: deregister Register again … Load another driver USB device USB plug-‐and-‐play
Reversing and patching USB firmware  Find leaked firmware  Sniff update communication using Wireshark  Replay custom SCSI commands used for updates
Reverse-‐engineer firmware  Load into disassembler  Apply heuristics  Find known USB bit fields such as descriptors  Apply standard software reversing to find hooking points
Patch firmware  Find leaked firmware  Sniff update communication using Wireshark  Replay custom SCSI commands used for updates
Network traffic can be diverted by “DHCP on USB” Attack steps 1. USB stick spoofs Ethernet adapter 2. Replies to DHCP query with DNS server on the Internet, but without default gateway Result 3. Internet traffic is still routed through the normal Wi-‐Fi connection 4. However, DNS queries are sent to the USB-‐supplied server, enabling redirection attacks DNS assignment in DHCP over spoofed USB-‐Ethernet adapter All DNS queries go to attacker’s DNS server
possible USB attacks is large  Emulate keyboard  Spoof network card  USB boot-‐ sector virus  Hide data on stick or HDD  Rewrite data in-‐flight  Update PC BIOS  Spoof display
No effective defenses from USB attacks exist  Scan peripheral firmware for malware  Disable firmware updates in hardware
Thank you

More Related Content

PPTX
Introduction to armv8 aarch64
byYi-Hsiu Hsu
 
PDF
BadUSB, and what you should do about it
byrobertfisk
 
PPTX
Pendrive
byshri. ram murti smarak college of engg. & technology
 
PPTX
Pc maintenance
byFitaAyalew
 
PPTX
Third generation of computer
byNorhaina Abdulkadir
 
PPTX
VLSI industry - Digital Design Engineers - draft version
byMahmoud Abdellatif
 
PPTX
Reporte sobre como ensamblar una PC
byjessicaacevedo1514
 
PDF
An Introduction to Semiconductors and Intel
byDESMOND YUEN
 
Introduction to armv8 aarch64
byYi-Hsiu Hsu
 
BadUSB, and what you should do about it
byrobertfisk
 
Pendrive
byshri. ram murti smarak college of engg. & technology
 
Pc maintenance
byFitaAyalew
 
Third generation of computer
byNorhaina Abdulkadir
 
VLSI industry - Digital Design Engineers - draft version
byMahmoud Abdellatif
 
Reporte sobre como ensamblar una PC
byjessicaacevedo1514
 
An Introduction to Semiconductors and Intel
byDESMOND YUEN
 

Viewers also liked

ODP
Raspberry Pi Zero
byBaoshi Zhu
 
PDF
Introduction to c#
bysinghadarsh
 
PPTX
DerbyCon 2014 - Making BadUSB Work For You
byAdam Caudill
 
PDF
Raspberry PiのUSB OTGを試す
byKenichiro MATOHARA
 
PPTX
SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
byBrent Muir
 
PPTX
Introduction to c#
byRavi Jakashania
 
PDF
Controlling USB Flash Drive Controllers: Expose of Hidden Features
byxabean
 
PDF
Penetration Testing Execution Phases
byNasir Bhutta
 
PPT
Visual studio 2015 and .net core 5 – get ready to rumble
byTadeusz Balcer
 
PPT
Pascal Programming Session 1
byAshesh R
 
PDF
Pascal programming language
byMahesh Kodituwakku
 
Raspberry Pi Zero
byBaoshi Zhu
 
Introduction to c#
bysinghadarsh
 
DerbyCon 2014 - Making BadUSB Work For You
byAdam Caudill
 
Raspberry PiのUSB OTGを試す
byKenichiro MATOHARA
 
SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
byBrent Muir
 
Introduction to c#
byRavi Jakashania
 
Controlling USB Flash Drive Controllers: Expose of Hidden Features
byxabean
 
Penetration Testing Execution Phases
byNasir Bhutta
 
Visual studio 2015 and .net core 5 – get ready to rumble
byTadeusz Balcer
 
Pascal Programming Session 1
byAshesh R
 
Pascal programming language
byMahesh Kodituwakku
 

Similar to BAD USB 2.0

PDF
BadUSB — On accessories that turn evil by Karsten Nohl
byPriyanka Aash
 
PDF
Unit 2 DNS Spoofing in a BadUSB Attack.pdf
byChatanBawankar
 
PDF
Алексей Мисник - USB устройства для пентеста
byHackIT Ukraine
 
PPT
Vectors
byYashin Mehaboobe
 
PDF
ABYSS OF BADUSB
byssuser6c19e1
 
PPTX
Adventures in USB land
byValentinas Bakaitis
 
PDF
Microcontroller mayhem - ECTF & USSS 2011
bywarezjoe
 
PDF
Usb port visibility controller poster
byAkash Pal
 
PDF
2005 07-hidusb
bycam11505
 
PDF
USB Hacking - LearnDay@Xoxzo #11
byXoxzo Inc.
 
PPTX
Redteaming HID attacks
byJuan Espin
 
PPTX
USB Defender Overview
byStraff Wentworth
 
PPTX
Device driver FOR HARDWAARE COMPUTER .pptx
byDianarraVergara2
 
PDF
File000152
byDesmond Devendran
 
PDF
Hardware hacking
byTavish Naruka
 
PPTX
SC Magazine Congress Chicago - BadUSB & Beyond
byAdam Caudill
 
PDF
Andy Davis' Black Hat USA Presentation Revealing embedded fingerprints
byNCC Group
 
PPTX
Device drivers and their applications
byAliddekiBryan
 
PDF
SanDisk SecureAccess Encryption 1.5
byBrent Muir
 
PDF
USB: Undermining Security Barriers
byNCC Group
 
BadUSB — On accessories that turn evil by Karsten Nohl
byPriyanka Aash
 
Unit 2 DNS Spoofing in a BadUSB Attack.pdf
byChatanBawankar
 
Алексей Мисник - USB устройства для пентеста
byHackIT Ukraine
 
Vectors
byYashin Mehaboobe
 
ABYSS OF BADUSB
byssuser6c19e1
 
Adventures in USB land
byValentinas Bakaitis
 
Microcontroller mayhem - ECTF & USSS 2011
bywarezjoe
 
Usb port visibility controller poster
byAkash Pal
 
2005 07-hidusb
bycam11505
 
USB Hacking - LearnDay@Xoxzo #11
byXoxzo Inc.
 
Redteaming HID attacks
byJuan Espin
 
USB Defender Overview
byStraff Wentworth
 
Device driver FOR HARDWAARE COMPUTER .pptx
byDianarraVergara2
 
File000152
byDesmond Devendran
 
Hardware hacking
byTavish Naruka
 
SC Magazine Congress Chicago - BadUSB & Beyond
byAdam Caudill
 
Andy Davis' Black Hat USA Presentation Revealing embedded fingerprints
byNCC Group
 
Device drivers and their applications
byAliddekiBryan
 
SanDisk SecureAccess Encryption 1.5
byBrent Muir
 
USB: Undermining Security Barriers
byNCC Group
 

BAD USB 2.0

  • 1.
    PRATHAP M RAJA RATHINAMM IRTT(ERODE) BadUSB — On accessories that turn evil
  • 2.
    USB devices includea micro-‐controller, hidden from the user 2 8051 CPU Bootloader USB controller Controller firmware Mass storage Flash The only part visible to the user
  • 3.
    USB devices areinitialized in several steps Power-‐on+ Firmware init Load driver Register Set address Send descriptor Set configuration Normal operation Optional: deregister Register again … Load another driver USB device USB plug-‐and-‐play
  • 4.
    Reversing and patchingUSB firmware  Find leaked firmware  Sniff update communication using Wireshark  Replay custom SCSI commands used for updates
  • 5.
    Reverse-‐engineer firmware  Loadinto disassembler  Apply heuristics  Find known USB bit fields such as descriptors  Apply standard software reversing to find hooking points
  • 6.
    Patch firmware  Findleaked firmware  Sniff update communication using Wireshark  Replay custom SCSI commands used for updates
  • 7.
    Network traffic canbe diverted by “DHCP on USB” Attack steps 1. USB stick spoofs Ethernet adapter 2. Replies to DHCP query with DNS server on the Internet, but without default gateway Result 3. Internet traffic is still routed through the normal Wi-‐Fi connection 4. However, DNS queries are sent to the USB-‐supplied server, enabling redirection attacks DNS assignment in DHCP over spoofed USB-‐Ethernet adapter All DNS queries go to attacker’s DNS server
  • 8.
    possible USB attacksis large  Emulate keyboard  Spoof network card  USB boot-‐ sector virus  Hide data on stick or HDD  Rewrite data in-‐flight  Update PC BIOS  Spoof display
  • 9.
    No effective defensesfrom USB attacks exist  Scan peripheral firmware for malware  Disable firmware updates in hardware
  • 10.