SlideShare una empresa de Scribd logo

BAD USB 2.0

P
Pradhap M
1 de 10
Descargar para leer sin conexión
PRATHAP M RAJA RATHINAM M IRTT(ERODE) BadUSB — On accessories that turn evil
USB devices include a micro-‐controller, hidden from the user 2 8051 CPU Bootloader USB controller Controller firmware Mass storage Flash The only part visible to the user
USB devices are initialized in several steps Power-‐on+ Firmware init Load driver Register Set address Send descriptor Set configuration Normal operation Optional: deregister Register again … Load another driver USB device USB plug-‐and-‐play
Reversing and patching USB firmware  Find leaked firmware  Sniff update communication using Wireshark  Replay custom SCSI commands used for updates
Reverse-‐engineer firmware  Load into disassembler  Apply heuristics  Find known USB bit fields such as descriptors  Apply standard software reversing to find hooking points
Patch firmware  Find leaked firmware  Sniff update communication using Wireshark  Replay custom SCSI commands used for updates
Network traffic can be diverted by “DHCP on USB” Attack steps 1. USB stick spoofs Ethernet adapter 2. Replies to DHCP query with DNS server on the Internet, but without default gateway Result 3. Internet traffic is still routed through the normal Wi-‐Fi connection 4. However, DNS queries are sent to the USB-‐supplied server, enabling redirection attacks DNS assignment in DHCP over spoofed USB-‐Ethernet adapter All DNS queries go to attacker’s DNS server
possible USB attacks is large  Emulate keyboard  Spoof network card  USB boot-‐ sector virus  Hide data on stick or HDD  Rewrite data in-‐flight  Update PC BIOS  Spoof display
No effective defenses from USB attacks exist  Scan peripheral firmware for malware  Disable firmware updates in hardware
Thank you

Recomendados

BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about itrobertfisk
 
DerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouDerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouAdam Caudill
 
Powershell Nedir, Nasıl Çalışır, Temel PowerShell ve Ofansif Powershell
Powershell Nedir, Nasıl Çalışır, Temel PowerShell ve Ofansif PowershellPowershell Nedir, Nasıl Çalışır, Temel PowerShell ve Ofansif Powershell
Powershell Nedir, Nasıl Çalışır, Temel PowerShell ve Ofansif PowershellRamin Karimkhani
 
Chapter 9: Access Control Management
Chapter 9: Access Control ManagementChapter 9: Access Control Management
Chapter 9: Access Control ManagementNada G.Youssef
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber ForensicsKathirvel Ayyaswamy
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
AAA Implementation
AAA ImplementationAAA Implementation
AAA ImplementationAhmad El Tawil
 

Recomendados

BadUSB, and what you should do about it
BadUSB, and what you should do about itBadUSB, and what you should do about it
BadUSB, and what you should do about itrobertfisk
 
DerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouDerbyCon 2014 - Making BadUSB Work For You
DerbyCon 2014 - Making BadUSB Work For YouAdam Caudill
 
Powershell Nedir, Nasıl Çalışır, Temel PowerShell ve Ofansif Powershell
Powershell Nedir, Nasıl Çalışır, Temel PowerShell ve Ofansif PowershellPowershell Nedir, Nasıl Çalışır, Temel PowerShell ve Ofansif Powershell
Powershell Nedir, Nasıl Çalışır, Temel PowerShell ve Ofansif PowershellRamin Karimkhani
 
Chapter 9: Access Control Management
Chapter 9: Access Control ManagementChapter 9: Access Control Management
Chapter 9: Access Control ManagementNada G.Youssef
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber ForensicsKathirvel Ayyaswamy
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
AAA Implementation
AAA ImplementationAAA Implementation
AAA ImplementationAhmad El Tawil
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingAmine SAIGHI
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011Marc Vael
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access controlElimity
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity AwarenessJoshuaWisniewski3
 
Information security awareness training
Information security awareness trainingInformation security awareness training
Information security awareness trainingSandeep Taileng
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Chris Hammond-Thrasher
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
2. access control
2. access control2. access control
2. access control7wounders
 
Penetration Testing Report
Penetration Testing ReportPenetration Testing Report
Penetration Testing ReportAman Srivastava
 
Information Security Seminar
Information Security SeminarInformation Security Seminar
Information Security SeminarAcend Corporate Learning
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
Ceh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webserversCeh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webserversVi Tính Hoàng Nam
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk ManagementHamed Moghaddam
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
PCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionPCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionControlCase
 
Raspberry Pi Zero
Raspberry Pi ZeroRaspberry Pi Zero
Raspberry Pi ZeroBaoshi Zhu
 
Introduction to c#
Introduction to c#Introduction to c#
Introduction to c#singhadarsh
 

Más contenido relacionado

La actualidad más candente

Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingAmine SAIGHI
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011Marc Vael
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access controlElimity
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Information security awareness training
Information security awareness trainingInformation security awareness training
Information security awareness trainingSandeep Taileng
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Chris Hammond-Thrasher
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
2. access control
2. access control2. access control
2. access control7wounders
 
Penetration Testing Report
Penetration Testing ReportPenetration Testing Report
Penetration Testing ReportAman Srivastava
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
Ceh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webserversCeh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webserversVi Tính Hoàng Nam
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk ManagementHamed Moghaddam
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
PCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionPCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionControlCase
 

La actualidad más candente (20)

Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011ISACA Belgium CERT view 2011
ISACA Belgium CERT view 2011
 
An overview of access control
An overview of access controlAn overview of access control
An overview of access control
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity Awareness
 
Information security awareness training
Information security awareness trainingInformation security awareness training
Information security awareness training
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
2. access control
2. access control2. access control
2. access control
 
Penetration Testing Report
Penetration Testing ReportPenetration Testing Report
Penetration Testing Report
 
Information Security Seminar
Information Security SeminarInformation Security Seminar
Information Security Seminar
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Ceh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webserversCeh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webservers
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
PCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed IntroductionPCI DSS 2.0 Detailed Introduction
PCI DSS 2.0 Detailed Introduction
 

Destacado

Raspberry Pi Zero
Raspberry Pi ZeroRaspberry Pi Zero
Raspberry Pi ZeroBaoshi Zhu
 
Introduction to c#
Introduction to c#Introduction to c#
Introduction to c#singhadarsh
 
Raspberry PiのUSB OTGを試す
Raspberry PiのUSB OTGを試すRaspberry PiのUSB OTGを試す
Raspberry PiのUSB OTGを試すKenichiro MATOHARA
 
SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
SanDisk SecureAccess Encryption - Forensic Processing & USB FlashingSanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
SanDisk SecureAccess Encryption - Forensic Processing & USB FlashingBrent Muir
 
Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Featuresxabean
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases Nasir Bhutta
 
Visual studio 2015 and .net core 5 – get ready to rumble
Visual studio 2015 and .net core 5 – get ready to rumbleVisual studio 2015 and .net core 5 – get ready to rumble
Visual studio 2015 and .net core 5 – get ready to rumbleTadeusz Balcer
 
Pascal Programming Session 1
Pascal Programming Session 1Pascal Programming Session 1
Pascal Programming Session 1Ashesh R
 

Destacado (10)

Raspberry Pi Zero
Raspberry Pi ZeroRaspberry Pi Zero
Raspberry Pi Zero
 
Introduction to c#
Introduction to c#Introduction to c#
Introduction to c#
 
Raspberry PiのUSB OTGを試す
Raspberry PiのUSB OTGを試すRaspberry PiのUSB OTGを試す
Raspberry PiのUSB OTGを試す
 
SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
SanDisk SecureAccess Encryption - Forensic Processing & USB FlashingSanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
SanDisk SecureAccess Encryption - Forensic Processing & USB Flashing
 
Introduction to c#
Introduction to c#Introduction to c#
Introduction to c#
 
Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Features
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases
 
Visual studio 2015 and .net core 5 – get ready to rumble
Visual studio 2015 and .net core 5 – get ready to rumbleVisual studio 2015 and .net core 5 – get ready to rumble
Visual studio 2015 and .net core 5 – get ready to rumble
 
Pascal Programming Session 1
Pascal Programming Session 1Pascal Programming Session 1
Pascal Programming Session 1
 
Pascal programming language
Pascal programming languagePascal programming language
Pascal programming language
 

Similar a BAD USB 2.0

BadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlBadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlPriyanka Aash
 
Chapter02 Managing Hardware Devices
Chapter02 Managing Hardware DevicesChapter02 Managing Hardware Devices
Chapter02 Managing Hardware DevicesRaja Waseem Akhtar
 
Computer technicians-quick-reference-guide
Computer technicians-quick-reference-guideComputer technicians-quick-reference-guide
Computer technicians-quick-reference-guideShathees Rao
 
computer organization and architecture notes
computer organization and architecture notescomputer organization and architecture notes
computer organization and architecture notesUpasana Talukdar
 
ITBIS105 6
ITBIS105 6ITBIS105 6
ITBIS105 6Suad 00
 
Computer system Hardware and Instruction
Computer system Hardware and InstructionComputer system Hardware and Instruction
Computer system Hardware and InstructionSharad Kafle
 
Алексей Мисник - USB устройства для пентеста
Алексей Мисник - USB устройства для пентестаАлексей Мисник - USB устройства для пентеста
Алексей Мисник - USB устройства для пентестаHackIT Ukraine
 
BKK16-312 Integrating and controlling embedded devices in LAVA
BKK16-312 Integrating and controlling embedded devices in LAVABKK16-312 Integrating and controlling embedded devices in LAVA
BKK16-312 Integrating and controlling embedded devices in LAVALinaro
 
Chs nc2 reviewer - with oral questioning
Chs nc2 reviewer - with oral questioningChs nc2 reviewer - with oral questioning
Chs nc2 reviewer - with oral questioningAdolfo Nasol
 
Chs nc2 reviewer - with oral questioning 0
Chs nc2 reviewer - with oral questioning 0Chs nc2 reviewer - with oral questioning 0
Chs nc2 reviewer - with oral questioning 0ronan213
 
Operating System & Utility Programme
Operating System & Utility ProgrammeOperating System & Utility Programme
Operating System & Utility Programmebbp2067
 
03. top level view of computer function & interconnection
03. top level view of computer function & interconnection03. top level view of computer function & interconnection
03. top level view of computer function & interconnectionnoman yasin
 
an_introduction_to_network_analyzers_new.ppt
an_introduction_to_network_analyzers_new.pptan_introduction_to_network_analyzers_new.ppt
an_introduction_to_network_analyzers_new.pptIwan89629
 
Linux Device Driver,LDD,
Linux Device Driver,LDD,Linux Device Driver,LDD,
Linux Device Driver,LDD,Rahul Batra
 
linux device driver
linux device driverlinux device driver
linux device driverRahul Batra
 
Eekol 2012 jan04_int_ems_an_01
Eekol 2012 jan04_int_ems_an_01Eekol 2012 jan04_int_ems_an_01
Eekol 2012 jan04_int_ems_an_01KaoMao
 
Kl 031.30 eng_class_setup_guide_1.2
Kl 031.30 eng_class_setup_guide_1.2Kl 031.30 eng_class_setup_guide_1.2
Kl 031.30 eng_class_setup_guide_1.2Freddy Ortiz
 

Similar a BAD USB 2.0 (20)

BadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten NohlBadUSB — On accessories that turn evil by Karsten Nohl
BadUSB — On accessories that turn evil by Karsten Nohl
 
Chapter02 Managing Hardware Devices
Chapter02 Managing Hardware DevicesChapter02 Managing Hardware Devices
Chapter02 Managing Hardware Devices
 
Computer technicians-quick-reference-guide
Computer technicians-quick-reference-guideComputer technicians-quick-reference-guide
Computer technicians-quick-reference-guide
 
computer organization and architecture notes
computer organization and architecture notescomputer organization and architecture notes
computer organization and architecture notes
 
ITBIS105 6
ITBIS105 6ITBIS105 6
ITBIS105 6
 
Computer system Hardware and Instruction
Computer system Hardware and InstructionComputer system Hardware and Instruction
Computer system Hardware and Instruction
 
Алексей Мисник - USB устройства для пентеста
Алексей Мисник - USB устройства для пентестаАлексей Мисник - USB устройства для пентеста
Алексей Мисник - USB устройства для пентеста
 
Computer maintenance-and-repair
Computer maintenance-and-repairComputer maintenance-and-repair
Computer maintenance-and-repair
 
BKK16-312 Integrating and controlling embedded devices in LAVA
BKK16-312 Integrating and controlling embedded devices in LAVABKK16-312 Integrating and controlling embedded devices in LAVA
BKK16-312 Integrating and controlling embedded devices in LAVA
 
Chs nc2 reviewer - with oral questioning
Chs nc2 reviewer - with oral questioningChs nc2 reviewer - with oral questioning
Chs nc2 reviewer - with oral questioning
 
Chs nc2 reviewer - with oral questioning 0
Chs nc2 reviewer - with oral questioning 0Chs nc2 reviewer - with oral questioning 0
Chs nc2 reviewer - with oral questioning 0
 
Operating System & Utility Programme
Operating System & Utility ProgrammeOperating System & Utility Programme
Operating System & Utility Programme
 
03. top level view of computer function & interconnection
03. top level view of computer function & interconnection03. top level view of computer function & interconnection
03. top level view of computer function & interconnection
 
an_introduction_to_network_analyzers_new.ppt
an_introduction_to_network_analyzers_new.pptan_introduction_to_network_analyzers_new.ppt
an_introduction_to_network_analyzers_new.ppt
 
Linux Device Driver,LDD,
Linux Device Driver,LDD,Linux Device Driver,LDD,
Linux Device Driver,LDD,
 
linux device driver
linux device driverlinux device driver
linux device driver
 
Device drivers by prabu m
Device drivers by prabu mDevice drivers by prabu m
Device drivers by prabu m
 
Eekol 2012 jan04_int_ems_an_01
Eekol 2012 jan04_int_ems_an_01Eekol 2012 jan04_int_ems_an_01
Eekol 2012 jan04_int_ems_an_01
 
Kl 031.30 eng_class_setup_guide_1.2
Kl 031.30 eng_class_setup_guide_1.2Kl 031.30 eng_class_setup_guide_1.2
Kl 031.30 eng_class_setup_guide_1.2
 
WinCE
WinCEWinCE
WinCE
 

BAD USB 2.0

  • 1. PRATHAP M RAJA RATHINAM M IRTT(ERODE) BadUSB — On accessories that turn evil
  • 2. USB devices include a micro-‐controller, hidden from the user 2 8051 CPU Bootloader USB controller Controller firmware Mass storage Flash The only part visible to the user
  • 3. USB devices are initialized in several steps Power-‐on+ Firmware init Load driver Register Set address Send descriptor Set configuration Normal operation Optional: deregister Register again … Load another driver USB device USB plug-‐and-‐play
  • 4. Reversing and patching USB firmware  Find leaked firmware  Sniff update communication using Wireshark  Replay custom SCSI commands used for updates
  • 5. Reverse-‐engineer firmware  Load into disassembler  Apply heuristics  Find known USB bit fields such as descriptors  Apply standard software reversing to find hooking points
  • 6. Patch firmware  Find leaked firmware  Sniff update communication using Wireshark  Replay custom SCSI commands used for updates
  • 7. Network traffic can be diverted by “DHCP on USB” Attack steps 1. USB stick spoofs Ethernet adapter 2. Replies to DHCP query with DNS server on the Internet, but without default gateway Result 3. Internet traffic is still routed through the normal Wi-‐Fi connection 4. However, DNS queries are sent to the USB-‐supplied server, enabling redirection attacks DNS assignment in DHCP over spoofed USB-‐Ethernet adapter All DNS queries go to attacker’s DNS server
  • 8. possible USB attacks is large  Emulate keyboard  Spoof network card  USB boot-‐ sector virus  Hide data on stick or HDD  Rewrite data in-‐flight  Update PC BIOS  Spoof display
  • 9. No effective defenses from USB attacks exist  Scan peripheral firmware for malware  Disable firmware updates in hardware