Universal Serial aBUSe - Remote Physical Access Attacks

Offered By: 44CON Information Security Conference via YouTube

Tags

44CON Courses

Course Description

Overview

Explore novel USB-level attacks providing remote command and control of air-gapped machines with minimal forensic footprint in this 40-minute conference talk from the 44CON Information Security Conference. Delve into the creation of malicious USB devices using low-cost hardware, focusing on stealthy bi-directional communication channels between host and device. Learn about remote connectivity via 3G/Wi-Fi/Bluetooth, offloading complexity to hardware, and leaving only a small stub on the host. Discover improvements over existing work, including bypassing network controls and minimizing forensic trails. Gain insights into demonstrating physical bypass risks of software security without an extensive budget, and understand the importance of building defenses in this area.

Syllabus

Intro
Quick Intro
Why did you pursue this attack
Cottonmouth Devices
Apex Predator
Physical Inspection
Remote Trigger
Avoid obvious vectors
Automated
User Interaction
Previous Work
Cactus Micro Revision 2
Building our own board
Finished Hardware
Attack Scenario
ESPLink
LEAP Stack
Injection
VNC
USB Drivers
Back Channel
Scripted VNC
Debugging
Pogo Pins
Vanilla Shell
Using existing attack frameworks
USB Security


Taught by

44CON Information Security Conference
