PRATHAP M
RAJA RATHINAM M
IRTT(ERODE)
BadUSB — On accessories that turn evil
USB devices include a micro-controller, hidden from the user
[Figure labels: USB controller (8051 CPU, Bootloader, Controller firmware); Mass storage (Flash): "The only part visible to the user"]
USB devices are initialized in several steps
[Figure: sequence diagram between "USB device" and "USB plug-and-play", with the following labels]
- Power-on + Firmware init
- Load driver
- Register
- Set address
- Send descriptor
- Set configuration
- Normal operation
- Optional: deregister
- Register again …
- Load another driver
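
The "deregister, register again, load another driver" step above can be watched for on the host. The following is an added example, not part of the original slides: it parses configuration descriptors and flags a port whose device comes back with interface classes it did not announce shortly before. The descriptor bytes, port names and the 10-second window are constructed assumptions, and the check is a heuristic only.

```python
# Added example; descriptors, port names and time window are constructed.
DT_INTERFACE = 0x04  # bDescriptorType value of an interface descriptor
CLASS_NAMES = {0x02: "CDC", 0x03: "HID", 0x08: "Mass storage", 0x0A: "CDC data"}

# Constructed configuration descriptor of a plain flash drive.
STORAGE = bytes.fromhex(
    "09 02 20 00 01 01 00 80 32 "   # configuration, wTotalLength = 32
    "09 04 00 00 02 08 06 50 00 "   # interface: class 0x08 (mass storage)
    "07 05 81 02 00 02 00 "         # bulk IN endpoint
    "07 05 02 02 00 02 00")         # bulk OUT endpoint

# Constructed configuration descriptor of a HID boot keyboard.
KEYBOARD = bytes.fromhex(
    "09 02 22 00 01 01 00 a0 32 "   # configuration, wTotalLength = 34
    "09 04 00 00 01 03 01 01 00 "   # interface: class 0x03 (HID)
    "09 21 11 01 00 01 22 41 00 "   # HID class descriptor
    "07 05 81 03 08 00 0a")         # interrupt IN endpoint


def interface_classes(config_blob):
    """Walk a configuration descriptor set; return its bInterfaceClass values."""
    classes, pos = set(), 0
    while pos + 2 <= len(config_blob):
        length, dtype = config_blob[pos], config_blob[pos + 1]
        if length < 2 or pos + length > len(config_blob):
            raise ValueError(f"malformed descriptor at offset {pos}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {pos}")
            classes.add(config_blob[pos + 5])  # bInterfaceClass
        pos += length
    return classes


def reenumeration_findings(events, window=10.0):
    """events: (seconds, port, config_blob) tuples in enumeration order.

    Flags a port that re-registers within `window` seconds while announcing
    interface classes absent from its previous enumeration."""
    last, findings = {}, []
    for t, port, blob in events:
        now = interface_classes(blob)
        if port in last:
            prev_t, prev = last[port]
            added = now - prev
            if added and t - prev_t <= window:
                names = [CLASS_NAMES.get(c, hex(c)) for c in sorted(added)]
                findings.append((port, names))
        last[port] = (t, now)
    return findings


if __name__ == "__main__":
    sample = [(0.0, "1-2", STORAGE), (3.5, "1-2", KEYBOARD), (60.0, "1-3", KEYBOARD)]
    print(reenumeration_findings(sample))
```

A user who swaps devices on one port inside the window triggers the same finding, so treat a hit as a prompt to inspect the device, not as proof of tampering.
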
Reversing and patching USB firmware
- Find leaked firmware
- Sniff update communication using Wireshark
- Replay custom SCSI commands used for updates
Reverse-engineer firmware
- Load into disassembler
- Apply heuristics
- Find known USB bit fields such as descriptors
- Apply standard software reversing to find hooking points
Patch firmware
- Find leaked firmware
- Sniff update communication using Wireshark
- Replay custom SCSI commands used for updates
Network traffic can be diverted by "DHCP on USB"
Attack steps
1. USB stick spoofs Ethernet adapter
2. Replies to DHCP query with DNS server on the Internet, but without default gateway
Result
3. Internet traffic is still routed through the normal Wi-Fi connection
4. However, DNS queries are sent to the USB-supplied server, enabling redirection attacks
[Figure labels: "DNS assignment in DHCP over spoofed USB-Ethernet adapter"; "All DNS queries go to attacker's DNS server"]
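
The lease pattern described above (DNS server assigned, no default gateway) can be checked for on the host. The following is an added example, not part of the original slides: it reads leases in the ISC dhclient lease-file format and reports interfaces that received a DNS server without a `routers` option. The lease text, interface names and addresses are constructed, and the function names are this example's own.

```python
# Added example; the lease text below is constructed sample data.
import ipaddress
import re

SAMPLE_LEASES = """
lease {
  interface "wlan0";
  fixed-address 192.168.1.23;
  option subnet-mask 255.255.255.0;
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.1;
  renew 4 2024/01/04 10:00:00;
}
lease {
  interface "usb0";
  fixed-address 10.10.0.2;
  option subnet-mask 255.255.255.0;
  option domain-name-servers 203.0.113.53;
  renew 4 2024/01/04 10:05:00;
}
"""

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)


def parse_leases(text):
    """Return one dict per lease block: interface, address and DHCP options."""
    leases = []
    for body in LEASE_RE.findall(text):
        lease = {"interface": None, "address": None, "options": {}}
        for stmt in body.split(";"):
            parts = stmt.split()
            if len(parts) >= 2 and parts[0] == "interface":
                lease["interface"] = parts[1].strip('"')
            elif len(parts) >= 2 and parts[0] == "fixed-address":
                lease["address"] = parts[1]
            elif len(parts) >= 3 and parts[0] == "option":
                values = " ".join(parts[2:]).split(",")
                lease["options"][parts[1]] = [v.strip() for v in values]
        leases.append(lease)
    return leases


def dns_only_leases(text):
    """Flag leases that set DNS servers but no default gateway.

    Returns (interface, dns_servers, off_link_servers); off-link servers lie
    outside the leased subnet, matching the 'DNS server on the Internet' case."""
    findings = []
    for lease in parse_leases(text):
        opts = lease["options"]
        dns = opts.get("domain-name-servers", [])
        if not dns or "routers" in opts or lease["address"] is None:
            continue
        mask = opts.get("subnet-mask", ["255.255.255.255"])[0]
        net = ipaddress.ip_network(f"{lease['address']}/{mask}", strict=False)
        off_link = [s for s in dns if ipaddress.ip_address(s) not in net]
        findings.append((lease["interface"], dns, off_link))
    return findings


if __name__ == "__main__":
    print(dns_only_leases(SAMPLE_LEASES))
```
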
The range of possible USB attacks is large
- Emulate keyboard
- Spoof network card
- USB boot-sector virus
- Hide data on stick or HDD
- Rewrite data in-flight
- Update PC BIOS
- Spoof display
No effective defenses against USB attacks exist
- Scan peripheral firmware for malware
- Disable firmware updates in hardware
Thank you
