#SCChi
BadUSB & Beyond: Threats Hiding Inside The Enterprise
Hello Chicago!
Adam Caudill
@adamcaudill
Brandon Wilson
@brandonlwilson
USB Is Everywhere
• 3+ Billion Devices Sold Annually (USB-IF)
Enter BadUSB
What is BadUSB?
• Firmware Based Attacks
• Not a specific vulnerability
• An entire class of attacks
Intro to Composite Devices
Firmware as an attack vector
Firmware: A long history of threats
Anatomy of a thumb drive
Updateable Firmware
Unsigned Firmware Updates
Signed Updates - Still Risks
• Weak signing keys
• Verification failures
• Implementation failures
• Exploitable code
Reverse Engineering
What can BadUSB do?
• Changes to file handling
• Anti-forensics
• Bypass security features
• New features
Changes to file handling
• Hiding data
• Duplicating data to hidden area
• Copying deleted files to hidden area
• Altering file contents
• Inserting malware into executables
Anti-Forensics
• Defeat write blockers
• Self destruct
• Modify files when inserted
• Modify file metadata
Demos
• Thumbdrive Keyboard
• Hidden Data Storage
• Password Protection Bypass
Thumbdrive Keyboard
Hidden Data Storage
[Diagram: Read Request (Get LBA 0x00000073) → Patch (Use hidden area?) → Section 1 (Public) or Section 2 (Hidden)]
Password Protection Bypass
Going Beyond BadUSB…
• Beyond Thumbdrives
• Worst Case Scenario
• Where are the Manufacturers?
• How hard are BadUSB attacks?
• Real-world Impact
• BadUSB & BYOD
Just thumbdrives?
• Billions of devices sold annually.
• How many have user updatable firmware?
• How many require signed updates?
• How many are brought from home?
Other Devices
• Keyboards
• Mice
• USB Hubs
• Webcams
• Touchpads
• SD Card Readers
• etc…
Worst Case Scenario
Where are the Manufacturers?
How hard are BadUSB attacks?
Easy.
(Assuming you have at least a decade of experience with embedded systems that is…)
So what's the real risk?
BYOD & BadUSB
Practical Defense