PRATHAP M
RAJA RATHINAM M
IRTT (ERODE)
BadUSB — On accessories that turn evil

USB devices include a micro-controller, hidden from the user
[Diagram labels: 8051 CPU; Bootloader; USB controller; Controller firmware; Mass storage; Flash. Annotation: "The only part visible to the user"]

USB devices are initialized in several steps
[Diagram labels: USB device; USB plug-and-play]
• Power-on + Firmware init
• Load driver
• Register
• Set address
• Send descriptor
• Set configuration
• Normal operation
• Optional: deregister
• Register again …
• Load another driver
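
An added example, not part of the slides: because a device can deregister and register again so that the host loads another driver, a defender can record the interface classes announced in the configuration descriptor at each enumeration and alert when the device on a port gains a new class. The descriptor bytes and helper names below are constructed for illustration.

```python
import struct

DT_CONFIG, DT_INTERFACE = 0x02, 0x04
# A few bInterfaceClass codes from the USB-IF class list
CLASS_NAMES = {0x02: "cdc-comm", 0x03: "hid", 0x08: "mass-storage",
               0x0A: "cdc-data", 0xE0: "wireless", 0xFF: "vendor"}

def interface_classes(blob: bytes):
    """Return [(bInterfaceNumber, class, subclass, protocol)] from a config descriptor."""
    if len(blob) < 9 or blob[0] != 9 or blob[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", blob, 2)[0]  # wTotalLength, little-endian
    if total > len(blob):
        raise ValueError("wTotalLength exceeds captured bytes")
    found, off = [], 0
    while off < total:
        if off + 2 > total:
            raise ValueError("truncated descriptor header")
        blen, btype = blob[off], blob[off + 1]
        if blen < 2 or off + blen > total:
            raise ValueError("bad bLength at offset %d" % off)
        if btype == DT_INTERFACE:
            if blen < 9:
                raise ValueError("short interface descriptor")
            found.append((blob[off + 2], blob[off + 5], blob[off + 6], blob[off + 7]))
        off += blen
    return found

def class_names(blob: bytes):
    return {CLASS_NAMES.get(c, hex(c)) for _, c, _, _ in interface_classes(blob)}

def new_classes(before: bytes, after: bytes):
    """Classes present after re-enumeration that the device did not expose before."""
    return class_names(after) - class_names(before)

def sample_config(*parts):
    """Wrap constructed sub-descriptors in a configuration descriptor header."""
    body = b"".join(parts)
    n_if = sum(1 for p in parts if p[1] == DT_INTERFACE)
    return struct.pack("<BBHBBBBB", 9, DT_CONFIG, 9 + len(body), n_if, 1, 0, 0x80, 50) + body

# Constructed samples: the same port seen at two enumerations.
STORAGE = sample_config(bytes.fromhex("090400000208065000"),   # mass storage, SCSI, bulk-only
                        bytes.fromhex("07058102000200"), bytes.fromhex("07050202000200"))
KEYBOARD = sample_config(bytes.fromhex("090400000103010100"),  # HID, boot subclass, keyboard
                         bytes.fromhex("092111010001223f00"), bytes.fromhex("0705810308000a"))

if __name__ == "__main__":
    print(interface_classes(STORAGE), new_classes(STORAGE, KEYBOARD))
```

A non-empty result from `new_classes` for a port that previously held a storage-only device is the event worth logging or blocking.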

Reversing and patching USB firmware
• Find leaked firmware
• Sniff update communication using Wireshark
• Replay custom SCSI commands used for updates

Reverse-engineer firmware
• Load into disassembler
• Apply heuristics
• Find known USB bit fields such as descriptors
• Apply standard software reversing to find hooking points

Patch firmware
• Find leaked firmware
• Sniff update communication using Wireshark
• Replay custom SCSI commands used for updates

Network traffic can be diverted by “DHCP on USB”

Attack steps
1. USB stick spoofs Ethernet adapter
2. Replies to DHCP query with DNS server on the Internet, but without default gateway

Result
3. Internet traffic is still routed through the normal Wi-Fi connection
4. However, DNS queries are sent to the USB-supplied server, enabling redirection attacks

[Figure captions: DNS assignment in DHCP over spoofed USB-Ethernet adapter; All DNS queries go to attacker’s DNS server]
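
A host-side check for the pattern in steps 2 to 4, as an added example that is not from the slides: it parses the options field of a DHCP ACK (RFC 2132 code/length/value encoding) and flags a lease that assigns DNS servers but no router. Interface names and addresses are constructed samples, and a DNS-only lease is a signal to review rather than proof of compromise.

```python
import ipaddress

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_END = 0, 3, 6, 53, 255

def parse_options(field: bytes) -> dict:
    """Decode the DHCP options field into {code: raw value bytes}."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value  # repeated options are concatenated
        i += 2 + length
    return opts

def addrs(raw: bytes):
    """Split a value made of packed IPv4 addresses into dotted strings."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4]))
            for i in range(0, len(raw) - len(raw) % 4, 4)]

def review_lease(iface: str, field: bytes) -> dict:
    """Flag a lease that supplies DNS servers (option 6) but no router (option 3)."""
    opts = parse_options(field)
    dns, routers = addrs(opts.get(OPT_DNS, b"")), addrs(opts.get(OPT_ROUTER, b""))
    return {"iface": iface, "dns": dns, "routers": routers,
            "suspicious": bool(dns) and not routers}

def opt(code: int, *ips: str) -> bytes:
    """Encode one address-list option for the constructed samples."""
    raw = b"".join(ipaddress.IPv4Address(ip).packed for ip in ips)
    return bytes([code, len(raw)]) + raw

ACK = bytes([OPT_MSG_TYPE, 1, 5])  # DHCP message type 5 = ACK
# Constructed samples using documentation address ranges.
WIFI_ACK = MAGIC_COOKIE + ACK + opt(OPT_ROUTER, "192.0.2.1") + opt(OPT_DNS, "192.0.2.1") + bytes([OPT_END])
USB_ACK = MAGIC_COOKIE + ACK + opt(OPT_DNS, "203.0.113.53") + bytes([OPT_END])

if __name__ == "__main__":
    for name, ack in (("wlan0", WIFI_ACK), ("usb0", USB_ACK)):
        print(review_lease(name, ack))
```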

The range of possible USB attacks is large
• Emulate keyboard
• Spoof network card
• USB boot-sector virus
• Hide data on stick or HDD
• Rewrite data in-flight
• Update PC BIOS
• Spoof display

No effective defenses against USB attacks exist
• Scan peripheral firmware for malware
• Disable firmware updates in hardware

Thank you
