USB Hacking
Josef Monje
2019.07.26 • LearnDay #11

Once upon a time
There was a worm named Conficker.
It was first detected in 2008. It
infected a millions of computers and
enjoyed a lot of media attention. Its
second variant added the ability to
spread via USB, exploiting Windows
AutoRun.
20XX 20XX 20XX 20XX
Infect
lots of
compu
ters

The USB Port
How to identify USB?
What kinds of device?
Characteristics of USB?

Receptacles
Thank you, Wikipedia

Device Classes
Unspecified
Audio
Communications and CDC Control
Human interface device (HID)
Physical Interface Device (PID)
Image (PTP/MTP)
Printer
Mass storage (MSC or UMS)
USB hub
CDC-Data
Smart Card
Content security
Video
Personal healthcare
Audio/Video (AV)
Billboard
Diagnostic Device
Wireless Controller
Miscellaneous
Application-specific
Vendor-specific
Thank you, Wikipedia

Objectives
Standardized connections
Self-configuring
Hot-pluggable
Data
Power
Thank you, Wikipedia

Thank you, Wikipedia
Inside a USB
flash drive

Development of
USB Attacks
Early stage
Middle stage
Late stage
Timeline

2007
Adoption of Arduino and microcontrollers
August 2007
10,000 Arduino boards
in existence
Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec

2009
Exploring attacks on USB protocol, Fuzzing USB drivers using a microcontroller
August 2009
DEFCON 17: USB
Attacks: Fun with Plug &
Own
Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec

2010
What if this pranking toy was programmable?
August 2010
DEFCON 18:
Programmable HID USB
Keystroke Dongle
(Teensy)
Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec

2011
More and more people were demonstrating ways to exploit how USB works to defeat
security products using microcontrollers...
July/August 2011
Black Hat: Exploiting USB
Devices using Arduino
Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec

2012
… and hardware was developed to demonstrate attacks, improve research and become
defining products of the category
July 2012
DEFCON 20: Bypassing
Endpoint Security for $20
or Less
Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
February 2012
Raspberry Pi
July 2012
Facedancer
USB Rubber Ducky
February 2012

2014
USB attacks officially get a name, people start demonstrating complex attacks
Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
September 2014
Kali NetHunter
August 2014
Black Hat: BadUSB- On
Accessories that Turn Evil
December 2014
USBDriveby

2015
From “how do you break this?”, to “how far can you take this?”, new USB attack appears
Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
August 2015
DEFCON 23: USB Attack to
Decrypt Wi Fi Communications
October 2015
USB Killer 2.0
November 2015
Pi Zero
Gadget mode works

USB Killer vs...

Linux
Gadget
Module

2016
Big platform integrates functionality, commercial product becomes DIY, attacks use multiple
device classes
Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
January 2016
NetHunter integrates BadUSB
May 2016
DIY USB Rubber Ducky
November 2016
PoisonTap
August 2016
Mr. Robot episode

2017
Products evolve, miniaturization, customizable platforms
Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
March 2017
Bash Bunny
April 2017
MalDuino
February 2017
P4wnP1

Why I prefer
P4wnP1...

2018
DIY your own USB attack, products for everybody, it’s already mainstream
Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
April 2018
P4wnP1 a.l.o.a.
August 2018
Malware-Infected USB Cables
And more

YouTube
search results

YouTube
search results

2005
In fact, some research was already done but microcontrollers weren’t yet a thing
Jan Feb Mar Apr May Jun Jul Aug Sept Oct Nov Dec
July 2005
Black Hat - Plug and Root,
the USB Key to the
Kingdom

Figured out in
2005... Except
it was
uploaded in
2013