Categories

DEFCON 20: bypassing endpoint security with USB keys

Posted on Sunday, November 25th, 2012 in hacks, security, USB, Videos by the machinegeek


In this talk from the DEFCON 20 conference, Phil Polsta, Computer Security Professor at the University of Dubuque discusses the relative insecurity of using USB “keys” as a way of restricting access to tech resources. He explains in detail how any USB mass storage (flash or hard) drive can be made to appear as an authorized device. The devices can be built for between $18 and $30, and depending on the technique employed the hack requires little or no soldering, and only a basic knowledge of MCUs and C programming.

This entry was posted on Sunday, November 25th, 2012 at 4:00 pm and is filed under hacks, security, USB, Videos. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

2 Responses to “DEFCON 20: bypassing endpoint security with USB keys”

  1. John says:

    Alternative Project:
    device: http://hakshop.myshopify.com/products/usb-rubber-ducky
    firmware: http://code.google.com/p/ducky-decode/

    The device can bypass USB endpoint security for $60USD. For source code available so you can pre-program the VID and PID for Mass Storage device or HID keyboard device.

    Downside – will not brute force/enumerate a valid VID/PID like the device in this presentation.

  2. Matseng says:

    This video have a rather good overview of how usb actually works on a protocol level….

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recent Comments

  • KH: Awesome build... reminds me of an old time travel argument: If UFOs are a kind of time travel device, then why haven't someone from the...
  • pankaj: can i make soldering paste with cationic rosin
  • pankaj: i want to make soldering paste . i dont have water white rosin , i have cationic rosin . pls tell me is this cationic...
  • Chip Stewart: Am I too late?
  • Sebastian: Yes please!