Categories

DEFCON 20: bypassing endpoint security with USB keys

Posted on Sunday, November 25th, 2012 in hacks, security, USB, Videos by the machinegeek


In this talk from the DEFCON 20 conference, Phil Polsta, Computer Security Professor at the University of Dubuque discusses the relative insecurity of using USB “keys” as a way of restricting access to tech resources. He explains in detail how any USB mass storage (flash or hard) drive can be made to appear as an authorized device. The devices can be built for between $18 and $30, and depending on the technique employed the hack requires little or no soldering, and only a basic knowledge of MCUs and C programming.

This entry was posted on Sunday, November 25th, 2012 at 4:00 pm and is filed under hacks, security, USB, Videos. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

2 Responses to “DEFCON 20: bypassing endpoint security with USB keys”

  1. John says:

    Alternative Project:
    device: http://hakshop.myshopify.com/products/usb-rubber-ducky
    firmware: http://code.google.com/p/ducky-decode/

    The device can bypass USB endpoint security for $60USD. For source code available so you can pre-program the VID and PID for Mass Storage device or HID keyboard device.

    Downside – will not brute force/enumerate a valid VID/PID like the device in this presentation.

  2. Matseng says:

    This video have a rather good overview of how usb actually works on a protocol level….

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recent Comments

  • Edward Cooper: Great article and good find on the markets! Any chance you can provide the locations of these places? I'm in Shenzhen at the moment and...
  • Dan: I'm up for one
  • TrickyNekro: Always in for another bunch! :-D
  • mol-1: Maybe this time !
  • Andrew: Me!!