USB devices phoning home

Publikationstyp
Working Paper
Date Issued
2016-02-09
Sprache
English
Author(s)
Schilling, Roland  
Steinmetz, Frieder  
Institut
Sicherheit in verteilten Anwendungen E-15  
TORE-DOI
10.15480/882.1279
TORE-URI
http://tubdok.tub.tuhh.de/handle/11420/1282
Citation
23. DFN-Konferenz "Sicherheit in vernetzten Systemen"
Publisher
BoD–Books on Demand
USB is a versatile standard defining various features to allow maximum flexibility for evices. This flexibility, by design, leads to complex device configurations, combining multiple functions into one, making it impossible for users to identify the function of a device by its looks. This can be exploited by crafting programmable USB devices, looking and behaving like an ordinary flash drive that also expose virtual network devices and other functionality to their host OS. This paper outlines such a device, exploiting several USB features to establish a rogue HTTP channel used to leak data stored on the device’s disk to an internet back end. We describe the device itself and its architecture and our conclusions and methods for dealing with the issues presented in a user–friendly way.
Subjects
USB
rogue chanel
device behavior vs. user intent
DDC Class
600: Technik
Lizenz
https://creativecommons.org/licenses/by-nc-nd/4.0/
by-nc-nd
Loading...
Thumbnail Image
Name

paper.pdf

Size

107.17 KB

Format

Adobe PDF