This one-hour talk is very educational in a scary sort of way. The speaker points out that USB really is just a network protocol and that a properly written USB thumb drive firmware could detect the OS of the host computer its plugged into by the pattern of commands it receives. It could also detect whether it’s plugged into a forensics box by the pattern of linear accesses or by the noteworthy lack of write commands (access timestamps,.DS_Store folders,etc)
(via Alan Cox)
Originally shared by glyn moody
MT @csoghoian Research by @travisgoodspeed on USB antiforensics: potential to seriously disrupt gov forensics – http://bit.ly/X79wlV >>wow
Unrelated to that presentation, but Wireshark supports USB. I’ve had good luck extracting binaries from traffic between PC and usb storage.
http://wiki.wireshark.org/CaptureSetup/USB
Cheap microcontrollers with USB HID support can enter commands on insertion, pretending to be keyboard. I know POS with exposed USB ports fail security audits that way.
http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle
USB provides job security to some, headaches to others 🙂
The Arduino Leonardo can emulate keyboards and mice through the USB port and I agree with an early comment that beaglebone is also a great platform for USB experimentation. I think what we can glean from this discussion is that hardware exploits are definitely becoming easier and might become more widespread.