BADUSB - ON ACCESSORIES THAT TURN EVIL

Black Hat USA 2014

Presented by: Jakob Lell, Karsten Nohl
Date: Thursday August 07, 2014
Time: 09:00 - 10:00
Location: Lagoon K

USB has become so commonplace that we rarely worry about its security implications. USB sticks undergo the occasional virus scan, but we consider USB to be otherwise perfectly safe - until now.

This talk introduces a new form of malware that operates from controller chips inside USB devices. USB sticks, as an example, can be reprogrammed to spoof various other device types in order to take control of a computer, exfiltrate data, or spy on the user.

We demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses.

We then dive into the USB stack and assess where protection from USB malware can and should be anchored.

Karsten Nohl

Karsten is a cryptographer and security researcher. He likes to test security assumptions in proprietary systems and typically breaks them.

Jakob Lell

Jakob is a security researcher at SRLabs in Berlin. His main interests are Linux security, cryptography, embedded devices, and web security.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats