nullmethod Greg Ose

Exploiting USB Devices with Arduino

During Black Hat USA 2011 in Las Vegas, I had the privilege to present my work in assessing and exploiting USB devices with low cost development hardware.

This step-by-step walkthrough of USB device assessment and exploitation from a application security professional’s point of view discusses USB analysis, protocol comprehension, and the creation of custom Arduino USB firmware to exploit architectural vulnerabilities of USB proximity sensor devices.

Abstract

Hardware devices are continually relied upon to maintain a bridge between physical and virtual security. From access cards to OTP tokens, hardware devices receive limited review by application security professionals. They are often considered vastly more complex and difficult to assess than common web- and network-based applications.

In this talk I will cover a lightweight methodology to use when approaching the assessment of USB-based hardware devices. This will include the identification of trust boundaries and threat modeling, use case analysis though protocol analysis, as well as crafting a hardware device to exploit identified vulnerabilities. Not only will this methodology be described, it will be detailed through the assessment and exploitation of a hardware-based proximity sensor. Hardware-based proximity sensors attempt to enforce desktop security and lock a user’s desktop when the device has been removed from the vicinity of the computer. I will describe my experience and process for assessing a USB-based proximity sensor device and its eventual exploitation using components of the Arduino hardware architecture. I will describe the entire process not from the view of an electrical engineer, but from that of an application security professional with limited knowledge of current and voltage and a hobbyist’s budget.

Artifacts