
DEFCON 20: bypassing endpoint security with USB keys

Posted on Sunday, November 25th, 2012 in hacks, security, USB, Videos by the machinegeek


In this talk from the DEFCON 20 conference, Phil Polstra, Computer Security Professor at the University of Dubuque, discusses the relative insecurity of using USB “keys” as a way of restricting access to tech resources. He explains in detail how any USB mass storage (flash or hard) drive can be made to appear as an authorized device. The devices can be built for between $18 and $30 and, depending on the technique employed, the hack requires little or no soldering and only a basic knowledge of MCUs and C programming.
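The identity an endpoint policy sees comes from the device's own 18-byte device descriptor, so a check on vendor and product ID alone cannot tell an enrolled drive from another device reporting the same pair. The following is an added example, not code from the talk or this post: it parses that descriptor and compares a device against an enrolled profile; the allow-list, the 0x1234:0x5678 IDs and both sample descriptors are constructed for illustration.

```python
import struct
from collections import namedtuple

# Standard USB device descriptor, little-endian: bLength, bDescriptorType,
# then the twelve fields named below (18 bytes in total).
_FMT = "<BBHBBBBHHHBBBB"
DeviceDescriptor = namedtuple(
    "DeviceDescriptor",
    "bcd_usb dev_class dev_subclass dev_protocol max_packet0 "
    "vid pid bcd_device i_manufacturer i_product i_serial num_configs",
)

def parse_device_descriptor(raw: bytes) -> DeviceDescriptor:
    """Decode the 18-byte device descriptor a device returns at enumeration."""
    if len(raw) < 18:
        raise ValueError("device descriptor must be 18 bytes")
    length, dtype, *fields = struct.unpack(_FMT, raw[:18])
    if length != 18 or dtype != 0x01:
        raise ValueError("not a USB device descriptor")
    return DeviceDescriptor(*fields)

# Hypothetical allow-list; the VID/PID pair is a constructed value.
APPROVED_VID_PID = {(0x1234, 0x5678)}

def allowed_by_vid_pid(desc: DeviceDescriptor) -> bool:
    """The weak check: trusts two fields the device reports about itself."""
    return (desc.vid, desc.pid) in APPROVED_VID_PID

def descriptor_drift(desc: DeviceDescriptor, enrolled: DeviceDescriptor) -> list:
    """Names of descriptor fields that differ from the enrolled profile.

    Every field here is still device-supplied, so this raises the bar and
    produces an alertable signal; it is not authentication.
    """
    return [n for n in desc._fields if getattr(desc, n) != getattr(enrolled, n)]

# Constructed samples: same VID/PID, different revision and string indexes.
ENROLLED_RAW = struct.pack(_FMT, 18, 1, 0x0200, 0, 0, 0, 64,
                           0x1234, 0x5678, 0x0100, 1, 2, 3, 1)
LOOKALIKE_RAW = struct.pack(_FMT, 18, 1, 0x0200, 0, 0, 0, 64,
                            0x1234, 0x5678, 0x0001, 0, 0, 0, 1)

if __name__ == "__main__":
    enrolled = parse_device_descriptor(ENROLLED_RAW)
    seen = parse_device_descriptor(LOOKALIKE_RAW)
    print("VID/PID check passes:", allowed_by_vid_pid(seen))
    print("fields differing from enrolled profile:", descriptor_drift(seen, enrolled))
```

Both samples pass the VID/PID check, while the profile comparison reports the revision and string-index fields that changed, which is the kind of mismatch worth logging on a managed endpoint.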


2 Responses to “DEFCON 20: bypassing endpoint security with USB keys”

  1. John says:

    Alternative Project:
    device: http://hakshop.myshopify.com/products/usb-rubber-ducky
    firmware: http://code.google.com/p/ducky-decode/

    The device can bypass USB endpoint security for $60 USD. Source code is available so you can pre-program the VID and PID for a Mass Storage device or HID keyboard device.

    Downside – will not brute force/enumerate a valid VID/PID like the device in this presentation.

  2. Matseng says:

    This video has a rather good overview of how USB actually works on a protocol level…
