SC Magazine Congress Chicago - BadUSB & Beyond

Post on 11-Jul-2015

#SCChi

BadUSB & Beyond

Threats Hiding Inside The Enterprise

Hello Chicago!

Adam Caudill

@adamcaudill

adam@adamcaudill.com

Brandon Wilson

@brandonlwilson

brandonlw@gmail.com

USB Is Everywhere

• 3+ Billion Devices Sold Annually (USB-IF)

Enter BadUSB

What is BadUSB?

• Firmware Based Attacks

• Not a specific vulnerability

• An entire class of attacks

Intro to Composite Devices

Firmware as an attack vector

Firmware: A long history of threats

Anatomy of a thumb drive

Updateable Firmware

Unsigned Firmware Updates

Signed Updates - Still Risks

• Weak signing keys

• Verification failures

• Implementation failures

• Exploitable code

Reverse Engineering

What can BadUSB do?

• Changes to file handling

• Anti-forensics

• Bypass security features

• New features

Changes to file handling

• Hiding data

• Duplicating data to hidden area

• Copying deleted files to hidden area

• Altering file contents

• Inserting malware into executables

Anti-Forensics

• Defeat write blockers

• Self destruct

• Modify files when inserted

• Modify file metadata

Demos

• Thumbdrive Keyboard

• Hidden Data Storage

• Password Protection Bypass

Thumbdrive Keyboard

Hidden Data Storage

Diagram: Read Request (Get LBA 0x00000073) → Patch (Use hidden area?) → Section 1 (Public) / Section 2 (Hidden)

Password Protection Bypass

Going Beyond BadUSB…

• Beyond Thumbdrives

• Worst Case Scenario

• Where are the Manufacturers?

• How hard are BadUSB attacks?

• Real-world Impact

• BadUSB & BYOD

Just thumbdrives?

• Billions of devices sold annually.

• How many have user updatable firmware?

• How many require signed updates?

• How many are brought from home?

Other Devices

• Keyboards

• Mice

• USB Hubs

• Webcams

• Touchpads

• SD Card Readers

• etc…

Worst Case Scenario

Where are the Manufacturers?

How hard are BadUSB attacks?

Easy.

(Assuming you have at least a decade of experience with embedded systems that is…)

So what's the real risk?

BYOD & BadUSB

Practical Defense

Adam Caudill

@adamcaudill

Brandon Wilson

@brandonlwilson