Categories

DEFCON 20: bypassing endpoint security with USB keys

Posted on Sunday, November 25th, 2012 in hacks, security, USB, Videos by the machinegeek


In this talk from the DEFCON 20 conference, Phil Polsta, Computer Security Professor at the University of Dubuque discusses the relative insecurity of using USB “keys” as a way of restricting access to tech resources. He explains in detail how any USB mass storage (flash or hard) drive can be made to appear as an authorized device. The devices can be built for between $18 and $30, and depending on the technique employed the hack requires little or no soldering, and only a basic knowledge of MCUs and C programming.

This entry was posted on Sunday, November 25th, 2012 at 4:00 pm and is filed under hacks, security, USB, Videos. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

2 Responses to “DEFCON 20: bypassing endpoint security with USB keys”

  1. John says:

    Alternative Project:
    device: http://hakshop.myshopify.com/products/usb-rubber-ducky
    firmware: http://code.google.com/p/ducky-decode/

    The device can bypass USB endpoint security for $60USD. For source code available so you can pre-program the VID and PID for Mass Storage device or HID keyboard device.

    Downside – will not brute force/enumerate a valid VID/PID like the device in this presentation.

  2. Matseng says:

    This video have a rather good overview of how usb actually works on a protocol level….

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recent Comments

  • Derek: Is the Sunday one no longer a thing?
  • Doub: Just add sleeving and black variants of these 5557 and you'll take the enthusiast/gamer PC market by storm.
  • James Fowkes: This is a brilliant service, I'm sure I'll be using it a lot. An option for spade/FASTON connectors would be amazing!
  • Peter: Another sunday, another chance...
  • Louis Beaudoin: This is great work guys! Placing an order for a sample pack and hope to use the service to make a custom cable soon.