
www.bertin-it.com

BadUSB, an unpatchable flaw?

Bertin IT, CNIM Group. 10 bis avenue Ampère, FR – 78180 Montigny
T. +33(0)1 39 30 62 50
E. [email protected]
@Bertin_IT

v1.0 // Nov.2014


Introduction

Since the announcement of its discovery in August 2014, the BadUSB security flaw has been a constant source of concern within the IT community.

Undetectable and unpatchable, BadUSB burrows itself into the outer reaches of hardware and puts under threat billions of USB peripheral devices. At the heart of such security concerns lies the widely-used USB flash drive.

In October of this year, the wave of panic became a storm with the revelation of the source code making it possible to exploit this vulnerability on certain types of equipment.

On 12 November, a new study indicated that this flaw would only affect 50% of USB microcontrollers available on the market. However, in the absence of any references to specific brands and chip models, it remains impossible to determine whether a peripheral device is vulnerable or not, short of dismantling it to its bare bones…

Copyright © 2014, Bertin IT. All rights reserved.

WhiteN® and PolyXene® are registered trademarks of Bertin IT.

Other brand names and trademarks referred to in this document may be claimed as property by third parties. Reference to such brand names and/or trademarks shall not under any circumstances constitute endorsement by Bertin IT.

Author: Stéphanie Blanchet

Proofreaders: Erwan Le Disez, David Boucher, Benoît Poulot-Cazajous


BadUSB, a global security flaw.

It is widely known that USB flash drives have the potential to carry infections between items of hardware by way of any harmful files that they may contain. An antivirus scan or a reformat are in general effective ways of countering such threats. With BadUSB however, the threat is undetectable, since it is not housed in the flash memory of the drive but at the core of the firmware that controls how the device operates. Furthermore, this flaw does not only affect simple flash drives; it can theoretically infect any USB peripheral.

Inherent USB vulnerability

The threats posed by the use of USB (Universal Serial Bus) devices are nothing new. They are totally inherent to the capacity of these now massively-used devices (flash drive, external hard disk, mobile phone, tablet, mouse, keyboard, webcam, microphone, adapter, etc.) to connect to any sort of computer, to communicate with it and to potentially introduce malicious content. The versatility of USB is at the same time the reason for its success and also its key weakness. The highly-popular USB flash drive is naturally the most common propagation medium. This small commonplace item that one would willingly believe to be totally harmless has already served as a carrier of two particularly fearsome computer worms, i.e. Conficker [1] (2008) and Stuxnet [2] (2010).

The specific attacks associated with USB flash drives [3] are those that generally take advantage of the facilitating properties of Microsoft Windows. The AutoRun function that is triggered when inserting a flash drive can just as well activate the installation of a driver as that of a malware item present in the device. Similarly, the AutoPlay function can launch on the user's computer an application required to open a file type stored on the flash drive, but also allow a similarly stored virus to exploit a weakness in this application (e.g. exploitation of a flaw in Adobe Reader when reading a PDF file).

The BadUSB flaw revealed during the Black Hat 2014 computer security conference by Karsten Nohl and Jacob Lell [4], two IT experts from Security Research Labs (SRLabs), is totally unprecedented in that it does not operate from a malicious file loaded onto the USB device, but results from a reprogramming of the firmware installed on its controller chip.

Universal Serial… Killer

Over a two-month period, Karsten Nohl and Jacob Lell reverse-engineered the microcontroller that enables a USB device to communicate with a computer and enables the user to upload and download files. It was while doing this that they discovered that the firmware – in this case branded by Phison – could be reprogrammed in such a way as to conceal an attack code, simply by taking advantage of a weakness common to the vast majority of USB peripheral devices: i.e. the absence of protection that would guarantee that any new code added would possess the manufacturer's unforgeable digital signature. In this way, any peripheral device with the capacity to update its firmware in a non-secure manner may be corrupted, whatever its class (e.g. interface: keyboard or mouse; storage medium: USB flash drive, etc.).


Once the firmware has been modified, the malicious device is able to emulate any other device (e.g. keyboard, external hard disk, etc.) and take control of the computer, install a virus that could propagate to other USB peripheral devices, exfiltrate data, spy on the user… The range of possible attacks is wide (see fig.1): e.g. hiding data on a memory stick or hard disk drive, rewriting data in-flight to add viruses to newly-stored files, or spoofing screen displays in order to access security information such as Captchas and randomly arranged PIN codes…

During their presentation at Black Hat 2014, Nohl and Lell gave an initial demonstration making it possible for a keyboard to intercept passwords and appropriate all associated user privileges. They then presented a totally transparent Internet traffic hacking scenario on a Windows machine by the spoofing of a network card by an Android phone, presented as being "the simplest USB attack platform". This is indeed the only case for which they provided a proof of concept. The two researchers showed that by emulating a keyboard, the infected phone could also compromise the second factor security model of online banking. Finally, they demonstrated an attack using a boot-sector virus from a USB stick, infecting the machine and then booting from hard disk.

Unseen, unchecked…

Attacks of the kind represented by BadUSB cannot be picked up by traditional defence mechanisms, most antivirus software being able to detect the injection of malware via a USB stick but not to access its firmware and recognize whether it has been modified. What is more, neither a device reset nor a USB reformat will remove the firmware, which therefore retains all of its potential for harm. As SRLabs clearly state on their website [5]: "Once infected, computers and their USB peripherals can never be trusted again". In other words, the only way of correcting this flaw is to go back to the drawing board and totally rethink the design of USB peripheral devices.

What's new?

It has been pointed out that BadUSB is far from being a new phenomenon [6]; indeed a number of USB flaws had already been talked about prior to the highly publicized conference at which Karsten Nohl and Jacob Lell presented their findings. What is different in this case, and what has caused such a stir, is the sizeable scope that the BadUSB family of attacks has the potential to attain, especially given the boom in connected devices and the emergence of new threats.

Figure 1 / K. Nohl, S. Krißler, J. Lell, 2014. p.18


Attacks via malicious USB devices [12]

ATTACKS ON USB DRIVERS

By lifting OS restrictions (jailbreak) via the use of a malicious device (e.g. PS3 jailbreak), it is possible to modify the read and write permission of the OS. The execution of unsigned code can then be authorized.

ATTACKS VIA HID

By emulating a keyboard and/or a mouse, without the user's knowledge, a corrupt USB device (e.g. PHUKD) can trigger the automatic execution of a program or steal the permissions granted to the operator (who may also be a system administrator). It can also open a text file, create a base64 encoded virus and save it to the target machine…

ATTACKS VIA USB MASS STORAGE

By reprogramming a USB device's firmware, a hacker can modify in-flight the contents of a partition or any number of files. The principle is to force the system to reread a file after checking its signature: this second reading will not dispatch the same data as the first and will allow the installation of the unauthorized code.

DATA ACQUISITION ON THE HOST SYSTEM

Depending on the way in which the OS reads its descriptor, a malicious USB flash drive can discover the host OS and thus adapt its strategy to known vulnerabilities in each of the systems that it wishes to attack.

DMA ATTACKS & BUS SNOOPING

With On-The-Go USB devices, capable of being seen as a peripheral device or as a USB host, Direct Memory Access (DMA) attacks have now become possible. Furthermore, a malicious device can easily intercept data received by all the other devices connected to a USB host controller.

This list recaps the main types of attack identified by Benoît Badrigans (2012) [11].
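The mass-storage item in the list above depends on the host reading a file twice: once to check it and once to use it. The following added example (not from the original paper) contrasts a loader that checks and then rereads with one that reads once and uses only the checked copy; the `TwoFacedDrive` class, the function names and the byte strings are constructed for illustration.

```python
import hashlib
import hmac


class TwoFacedDrive:
    """Constructed stand-in for a drive whose firmware serves one content on
    the first read of a file and another content on every later read."""

    def __init__(self, first: bytes, later: bytes):
        self._first, self._later = first, later
        self.reads = 0

    def read_file(self) -> bytes:
        self.reads += 1
        return self._first if self.reads == 1 else self._later


def digest_ok(data: bytes, expected_sha256: str) -> bool:
    """Compare the SHA-256 of `data` with the expected hex digest."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_sha256)


def load_check_then_reread(drive, expected_sha256: str) -> bytes:
    """Weak pattern: the bytes that were checked are discarded and the device
    is asked again, so the check says nothing about the bytes that get used."""
    if not digest_ok(drive.read_file(), expected_sha256):
        raise ValueError("digest mismatch")
    return drive.read_file()


def load_read_once(drive, expected_sha256: str) -> bytes:
    """Hardened pattern: copy the file off the device once, check that copy,
    and hand only that copy to the consumer. The device is never read again."""
    snapshot = drive.read_file()
    if not digest_ok(snapshot, expected_sha256):
        raise ValueError("digest mismatch")
    return snapshot


APPROVED = b"installer 1.0, approved build"     # constructed sample content
ALTERED = b"installer 1.0, altered in flight"   # constructed sample content
APPROVED_SHA256 = hashlib.sha256(APPROVED).hexdigest()


def compare_loaders():
    """Run both loaders against the same misbehaving drive."""
    weak = load_check_then_reread(TwoFacedDrive(APPROVED, ALTERED), APPROVED_SHA256)
    safe = load_read_once(TwoFacedDrive(APPROVED, ALTERED), APPROVED_SHA256)
    return weak, safe


if __name__ == "__main__":
    weak, safe = compare_loaders()
    print("check-then-reread hands over:", weak)
    print("read-once hands over:        ", safe)
```

The same rule applies to files too large for memory: copy them to host-controlled storage while hashing, then open only the host copy.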

During the 2010 DEF CON Hacking Conference, Adrian Crenshaw [7] (TrustedSec) introduced attendees to PHUKD (Programmable HID USB Keystroke Dongle), a tiny device containing a Teensy micro-controller programmed to emulate keystrokes and mouse movements without the user realizing and thus launch malicious programs. This dongle can be found in the Social-Engineer Toolkit [8]. The same year, the PlayStation 3 jailbreak [9] via a simple USB flash drive had brought as much joy to gamers as it did woes to Sony. The malicious device could artificially create an active 6-port USB hub on the console in order to exploit a flaw making it possible to generate a buffer overflow and then authorize the execution of unauthorized software, homebrews and other hacked games…

We can even go back to 2005, to that year's edition of the Black Hat conference, to find a demonstration by David Dewey and Darrin Barrall (SPI Dynamics) of an attack against the USB drivers running under Windows XP, making it possible to take control of the OS with the help of a USB flash drive reprogrammed with a hardware-based Trojan [10]. More recently, at Black Hat 2011, Angelos Stavrou and Zhaohui Wang [11], researchers at George Mason University, found a way of getting an Android smartphone to emulate a keyboard in order to acquire direct access to the user's session and input hostile commands to their computer. "USB protocol can be (ab)used to connect *any* device to a computing platform *without* authentication", they told their audience.

‘Fool’ Disclosure ?

Two months after the announcement of the BadUSB flaw, Adam Caudill and Brandon Wilson [13] revealed what Karsten Nohl and Jacob Lell had preferred to keep under wraps: the means of exploiting it.


During the 2014 DerbyCon Hacker Conference, these two independent IT security researchers laid bare the entire method, from reverse engineering through to the illicit updating of the firmware, through which they were able to modify a USB 3.0 stick containing a Phison Electronics micro-controller, one of the most widely employed in the world, and also used by Nohl & Lell for their experiments (see fig.2). How could the firmware be customized in such a way as to convert it into a keyboard, in the same way as USB Rubber Ducky [14]? How could a hidden partition be created in the microcontroller (a useful measure for data exfiltration)? How could the password protection mechanism be bypassed? Caudill & Wilson answered these questions by way of three demonstrations and published on GitHub [15] the source code that made it possible to perform these actions.

The objective of this disclosure was to compel USB device manufacturers to tighten up their security policies and to raise user awareness of the need for prudence. "If the only people who can do this are those with significant budgets, the manufacturers will never do anything about it" argue Adam Caudill and Brandon Wilson.

However, it also opens the door to the deployment of this type of attack. "Thanks to this code, a large share of the work has already been done. The development that remains to be done to create an attack is not so complicated - millions of computer programmers would be capable of doing so", according to Karsten Nohl in an interview with 01net [16] on 9 October 2014.

Bernie Thompson, founder of Plugable Technologies (a manufacturer of USB devices), nevertheless seeks to allay any fears [17]. This former Microsoft development manager stresses that to hack into a computer via a USB device, the latter needs to contain firmware that is software upgradable (i.e. the ROM must be wipeable and rewritable), and that the upgrade mechanism must be insecure; and according to Thompson this is not the case for all devices. But more importantly, he points out that the BadUSB code must be specifically designed for the micro-controller contained in the device. Thus, the code published by Adam Caudill and Brandon Wilson applies only to devices equipped with a Phison 2251-03 micro-controller. Of these, Security Now! [18] lists 5 devices that are known to be vulnerable:

- Patriot 8GB Supersonic Xpress,
- Patriot Stellar 64 Gb Phison,
- Kingston DataTraveler 3.0 T111 8GB,
- Silicon power marvel M60 64GB,
- Toshiba TransMemory-MX™ Black 16 GB.

Figure 2 / K. Nohl, S. Krißler, J. Lell, 2014. p.4


An unpatchable flaw?

At the end of their presentation, Karsten Nohl and Jacob Lell reviewed different ideas for protecting against BadUSB, while at the same time pointing out the limitations of each one (see fig.3). The only "simple & effective" solution in their opinion would be to disable firmware updates in the devices. However with WhiteN®, Bertin IT provides a solution for neutralizing threats contained in removable media, whatever their firmware, capable of thwarting the attacks described by the two researchers.

Whitelist implementation and blocking of USB devices

Karsten Nohl and Jacob Lell list a number of potential means of protection, including whitelist implementation, but then go on to state that operating systems are not yet equipped with those mechanisms. This is however the case with WhiteN®.

Whitelist mechanisms are implemented at the core of the USB stack in order to authorize only certain, pre-identified USB devices. This identification is performed via analysis of a range of data items, including the device class and serial number and the vendor's identifier. By correlation, any USB device that has not been explicitly authorized by the security protocol will be blocked (e.g. a network interface device or a webcam, which the operator is not authorized to use).

WhiteN® possesses a minimalistic USB stack, with only three device classes being supported:

- HID, Human Interface Device (e.g. keyboard)
- CCID, Chip/Smart Card Interface Device (e.g. smartcard reader)
- MSC, Mass Storage Class (e.g. USB flash drive)

Furthermore the Spoof Network Card scenario put forward by Karsten Nohl & Jacob Lell is not applicable to WhiteN®, owing to the fact that this class of device is not authorized. No data whatsoever will be sent to the illicit device, which is simply ignored and by extension neutralized.

As far as the cases of Keyboard Emulation and Spoof Display are concerned, in the absence of data required for authenticating the devices in question an attack is impossible. And even if we consider the hypothesis that the hacker has, through social engineering, acquired the serial numbers and vendor identifiers required to usurp the identity of an authorized device, the scope of damage would be extremely limited thanks to the partitioning mechanisms implemented by WhiteN® (see infobox below).

Figure 3 / K. Nohl, S. Krißler, J. Lell, 2014. p.20


Furthermore the fine-grained configurability of WhiteN® makes it possible to implement advanced heuristics, such as the automatic blocking of a second keyboard or the explicit authorization by the user of each peripheral device detected.
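The whitelist check and the second-keyboard heuristic described above can be illustrated with the following added example, which is not part of the original paper and is not WhiteN® code. It parses raw USB device and configuration descriptors and ties each whitelisted identity to the classes it may expose; the function names, vendor IDs, serial numbers and whitelist layout are assumptions made for illustration.

```python
import struct

HID, MSC, CCID = 0x03, 0x08, 0x0B            # USB-IF class codes
SUPPORTED_CLASSES = {HID, MSC, CCID}          # the three classes named in the text
DT_DEVICE, DT_CONFIG, DT_INTERFACE, DT_ENDPOINT = 1, 2, 4, 5
DEVICE_FMT = "<BBHBBBBHHHBBBB"                # 18-byte standard device descriptor


def parse_device(desc: bytes) -> dict:
    if len(desc) != 18 or desc[0] != 18 or desc[1] != DT_DEVICE:
        raise ValueError("malformed device descriptor")
    f = struct.unpack(DEVICE_FMT, desc)
    return {"dev_class": f[3], "vid": f[7], "pid": f[8]}


def parse_interfaces(cfg: bytes) -> list:
    """Walk the descriptor chain returned with a configuration descriptor and
    return (class, subclass, protocol) for every interface descriptor."""
    found, i = [], 0
    while i < len(cfg):
        if i + 2 > len(cfg) or cfg[i] < 2 or i + cfg[i] > len(cfg):
            raise ValueError("malformed descriptor chain")
        length, dtype = cfg[i], cfg[i + 1]
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError("short interface descriptor")
            found.append((cfg[i + 5], cfg[i + 6], cfg[i + 7]))
        i += length
    return found


def decide(dev_desc, cfg_desc, serial, whitelist, keyboard_attached=False):
    """Return (allowed, reason). `whitelist` maps (vendor id, serial number) to
    the set of classes that device may expose. Both identifiers are reported
    by the device itself, so the class binding is what stops a whitelisted
    stick from reappearing as a keyboard."""
    try:
        dev, ifaces = parse_device(dev_desc), parse_interfaces(cfg_desc)
    except ValueError:
        return False, "malformed descriptors"
    if not ifaces:
        return False, "malformed descriptors"
    classes = {c for c, _, _ in ifaces}
    if dev["dev_class"]:                      # 0 means "defined per interface"
        classes.add(dev["dev_class"])
    if classes - SUPPORTED_CLASSES:
        return False, "unsupported class"
    authorized = whitelist.get((dev["vid"], serial))
    if authorized is None:
        return False, "not on whitelist"
    if classes - authorized:
        return False, "class not authorized for this device"
    # Second-keyboard heuristic. Only boot-protocol keyboards (subclass 1,
    # protocol 1) identify themselves at this level.
    if keyboard_attached and any(i == (HID, 1, 1) for i in ifaces):
        return False, "second keyboard"
    return True, "allowed"


def make_device(vid, pid, dev_class=0):
    """Build a constructed device descriptor for the samples below."""
    return struct.pack(DEVICE_FMT, 18, DT_DEVICE, 0x0200, dev_class, 0, 0, 64,
                       vid, pid, 0x0100, 1, 2, 3, 1)


def make_config(ifaces):
    """Build a constructed configuration descriptor, one endpoint per interface."""
    body = b""
    for n, (c, s, p) in enumerate(ifaces):
        body += struct.pack("<9B", 9, DT_INTERFACE, n, 0, 1, c, s, p, 0)
        body += struct.pack("<BBBBHB", 7, DT_ENDPOINT, 0x81, 0x03, 8, 10)
    head = struct.pack("<BBHBBBBB", 9, DT_CONFIG, 9 + len(body), len(ifaces),
                       1, 0, 0x80, 50)
    return head + body


# Constructed whitelist and devices; vendor ids and serial numbers are made up.
WHITELIST = {(0x1234, "CORP-0001"): {MSC}, (0x5678, "KB-0042"): {HID}}
STICK, KEYBOARD = make_device(0x1234, 1), make_device(0x5678, 2)
STORAGE, BOOT_KBD = (MSC, 0x06, 0x50), (HID, 1, 1)
SAMPLES = {
    "corporate stick": (STICK, make_config([STORAGE]), "CORP-0001", False),
    "same stick, now also a keyboard":
        (STICK, make_config([STORAGE, BOOT_KBD]), "CORP-0001", False),
    "phone posing as network card":
        (make_device(0x9ABC, 3), make_config([(0x02, 0x02, 0xFF), (0x0A, 0, 0)]),
         "PH-1", False),
    "unknown stick": (make_device(0x1111, 4), make_config([STORAGE]), "X-9", False),
    "second keyboard": (KEYBOARD, make_config([BOOT_KBD]), "KB-0042", True),
}


def evaluate_samples():
    return {name: decide(d, c, s, WHITELIST, kb)
            for name, (d, c, s, kb) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:35s} {verdict}")
```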

More and more companies are imposing a total blanket ban on USB use in order to reduce the risks associated with uncontrolled USB devices. This is clearly a radical measure and not without impact on usability, as stressed by the two SRLabs researchers, even though PS/2-type devices (keyboard and mouse) do keep on working. In a tight configuration such as this, WhiteN® retains the possibility of input, but in a totally controlled manner, thanks to secure access control to the information system, filtering all data coming from USB devices.

Firmware integrity verification

WhiteN® does not scan peripheral firmware. Besides, Karsten Nohl and Jacob Lell point out that the firmware of a given device can only be read back with the help of this same firmware, which has the malicious capability to spoof an approved firmware… you might just as well ask a liar if he is lying!

However, concerning the reprogramming of firmware in USB peripheral devices that are integrated within workstations (e.g. keyboard, touchpad, webcam, etc.), one solution would be to check the integrity of the platform by including all items of firmware. This issue is covered by the specifications of the Trusted Computing Group [19] (TCG).

As a contributing member of this consortium, Bertin IT has performed a number of PoC tests demonstrating the capacity of the WhiteN® software base to detect alterations to the firmware of certain devices.

Role-based access control

Role-based Access Control, or RBAC, makes it possible to apply specific security strategies according to a person's rights profile (e.g. user, system administrator, etc.). In this way, the person in question is provided with the exact privileges required for performing a task, no more and no less.

NEUTRALIZER OF THREATS FROM REMOVABLE MEDIA

WhiteN® protects sensitive networks against attacks using active content stored on removable media (USB devices, CD-ROM, mobile phones, etc.).

FUNCTIONALITIES

- Whitelisting of USB devices
- Filtering of USB devices by profile
- Filtering and safety checks
- Format checks
- Event logging
- Secure isolation of non-authorized content
- Confinement of the environment that has access to the peripheral device
- No local data remanence
- Transparent integration into pre-existing IS
- Access and imputability control (option)


HIGH SECURITY SOFTWARE PLATFORM

PolyXene® is the very high-security software platform developed by Bertin IT within the framework of the SINAPSE study program. It is the fruit of 10 years' collaboration with the French Defence Procurement Agency (DGA) examining issues of classified information partitioning and the secure exchange of sensitive data.

In 2009, its v1.0 was certified CC-EAL 5 by the French Network and Information Security Agency (ANSSI). PolyXene v2.0 is currently undergoing evaluation for EAL 5+ certification.

ENCODING & INTEGRITY

Karsten Nohl & Jacob Lell evoke the possibilities of hiding files on a USB storage device and also of rewriting data in-flight. Thanks to its encoding-based security mechanism, PolyXene® renders such attacks ineffective. Third-party data is not processed and is consequently unable to cause damage.

By these same mechanisms, PolyXene® protects data stored on pre-identified (corporate) USB flash drives, making their content unintelligible to a hacker.

SECURE BOOTING

Faced with the scenario of the launch of a virus on booting a computer, PolyXene® is able to detect whether the platform has been altered (e.g. a virus capable of modifying software behaviour) and to protect it by ciphering the native code and data.

This secure boot mechanism also provides protection against the installation of a new BIOS.

The architecture of WhiteN® is able to perform this strict separation of roles. It also separates the user environment from the administrator environment. A malicious device would have no more rights than the user and would be unable to gain access to other privileges and/or environments. In the scenario of keyboard emulation for example, this compartmentalization makes it possible to restrict the perimeter of attack.

Manufacturers' initiatives

Code signing for updates

BadUSB relies on the fact that the vast majority of USB devices do not require code to be signed in order to authorize firmware updates. If signing were required, a device whose firmware had been modified could not authenticate this firmware, thus preventing it from working. The manufacturer IronKey [20] has seized the opportunity to inform users that all of its USB devices are fitted with a cryptographic protection system that thwarts any attempt at illicit reprogramming.
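The following added example, not from the paper or from any vendor, shows the update check whose absence BadUSB exploits (see the "Universal Serial… Killer" section) and which the code-signing measure above would introduce. It uses a Lamport one-time hash-based signature so that it runs with the Python standard library alone, standing in for whatever scheme a vendor would use. The image layout, the `FWUP` magic and the function names are assumptions, and a key pair of this kind may sign only one image.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"FWUP"                   # hypothetical image magic
HEADER = struct.Struct("<4sII")   # magic, version, payload length
SIG_LEN = 256 * 32                # one 32-byte preimage per digest bit


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(msg: bytes) -> list:
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def keygen():
    """Vendor side: one-time Lamport key pair (secret preimages, public hashes).
    The public half is what the device's update routine would hold."""
    secret = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    public = [(_h(a), _h(b)) for a, b in secret]
    return secret, public


def sign(secret, msg: bytes) -> bytes:
    """Reveal, for each bit of SHA-256(msg), the matching secret preimage."""
    return b"".join(secret[i][bit] for i, bit in enumerate(_digest_bits(msg)))


def verify(public, msg: bytes, sig: bytes) -> bool:
    """Hash every revealed preimage and compare it with the public key entry
    selected by the corresponding bit of SHA-256(msg)."""
    if len(sig) != SIG_LEN:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(msg)):
        ok &= hmac.compare_digest(_h(sig[32 * i:32 * i + 32]), public[i][bit])
    return ok


def build_image(secret, version: int, payload: bytes) -> bytes:
    """Vendor side: header and payload followed by a signature over both."""
    signed_part = HEADER.pack(MAGIC, version, len(payload)) + payload
    return signed_part + sign(secret, signed_part)


def accept_update(image: bytes, public, running_version: int):
    """Device side: decide whether an update image may be written to flash.
    Returns (accepted, reason); nothing is written unless accepted is True."""
    if len(image) < HEADER.size + SIG_LEN:
        return False, "truncated"
    magic, version, length = HEADER.unpack_from(image)
    if magic != MAGIC or HEADER.size + length + SIG_LEN != len(image):
        return False, "bad header"
    signed_part, sig = image[:-SIG_LEN], image[-SIG_LEN:]
    if not verify(public, signed_part, sig):
        return False, "bad signature"
    if version <= running_version:            # refuse downgrades to old images
        return False, "rollback"
    return True, "ok"


def demo():
    """Constructed scenario: a genuine image, the same image with one payload
    byte changed, and an image signed with a key the device does not trust."""
    vendor_secret, vendor_public = keygen()
    genuine = build_image(vendor_secret, 2, b"vendor firmware v2")
    modified = bytearray(genuine)
    modified[HEADER.size] ^= 0x01
    outsider_secret, _ = keygen()
    foreign = build_image(outsider_secret, 3, b"reprogrammed firmware")
    return {
        "genuine": accept_update(genuine, vendor_public, 1),
        "modified": accept_update(bytes(modified), vendor_public, 1),
        "foreign key": accept_update(foreign, vendor_public, 1),
        "old version": accept_update(genuine, vendor_public, 2),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} {verdict}")
```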

Disabling of firmware updates

This measure, however "simple and effective" it may be deemed to be by Karsten Nohl and Jacob Lell, is not a satisfactory solution for a person in charge of the IT security of a company, given that it would be impossible to control all the USB flash drives used by staff. It is no more satisfactory for the general public either, since the vast majority of people do not possess the technical skills required to implement such a measure.

Once again, as far as the responsibility for disabling firmware updates is concerned, the buck must stop with the manufacturers.


Towards a "secure firmware" label?

On 12 November of this year, during the PacSec conference in Tokyo, Karsten Nohl unveiled the results of a vulnerability study [21] of a range of commercially-available USB devices. He first of all analyzed, with his colleagues from SRLabs, the microcontroller datasheets issued by the eight largest global vendors (Microchip, Cypress, Alcor, Renesas, Genesys Logic, ASMedia, Phison, FTDI). Next, he examined the hardware of 33 devices of differing classes (hub, interface, webcam, SD & SATA adapters). This phase did not always enable identification of the component's brand name (especially for HID devices), since certain of these do not contain any reference.

The results of these two analyses (see fig.4) show that around 50% of firmware, irrespective of device class, is reprogrammable and therefore vulnerable to the BadUSB flaw. We could of course comfort ourselves with the idea that the other 50% of devices are OK. But, as Nohl confided to Wired [22], "The scarier story is that we can’t give you a list of safe devices." Not only do we find disparities within one and the same brand (e.g. certain chips from Genesys Logic are safe, others are not), but also the manufacturers of peripheral devices have a tendency to chop and change their suppliers of electronic components, from one model to another, or even for a single product, according to supply and demand.

This fact has been brought to light by a survey carried out by Richard Harman [23] and presented at the Shmoocon conference in January 2014. We learn for example that a leading manufacturer of USB flash drives, Kingston Digital, uses micro-controllers sourced from six different suppliers. Silicon Power has four sources and Trend Micro three… It is therefore theoretically impossible to determine whether the firmware contained in a device belongs to the "vulnerable" category or not, short of dismantling the device.

As we can see, the BadUSB flaw does not only cast doubt on the security of billions of peripheral devices but also on the industrial practices of their manufacturers. And unfortunately, a "secure firmware" label is not on the horizon at the present time. Certain manufacturers have got the message though: the FreeBSD [24] OS has been made more robust with a USB enumeration disablement option, meaning that a newly-connected peripheral device cannot identify itself to the host, while G DATA [25] now offers software that makes it possible to control the access of a new keyboard to a system in order to counter any attacks by keystroke emulation. These are two kinds of protective measures that are already performed by WhiteN®, the USB threat neutralization station developed by Bertin IT.

Figure 4 / K. Nohl, S. Krißler, J. Lell, 2014-2. p.21


References

[1] Porras, Phillip, Saidi, Hassen, Yegneswaran, Vinod. An analysis of Conficker's logic and rendez-vous points. SRI International Technical Report, 2009. http://mtc.sri.com/Conficker/

[2] Stuxnet. Wiki. http://en.wikipedia.org/wiki/Stuxnet/

[3] For a review of the risks associated with USB flash drives: Vallée, Luc. Clef USB: pratiques mais risquées. Magazine Sécurité de l’Information, 2011, n°11, p. 2-4. http://www.dgdr.cnrs.fr/fsd/securite-systemes/revues-pdf/Si11.pdf
CERTA, Centre d'Expertise gouvernemental de Réponse et de Traitement des Attaques informatiques. Risques associés aux clés USB. First version: 2006. Latest version: 2009. http://www.cert.ssi.gouv.fr/site/CERTA-2006-INF-006/

[4] Nohl, Karsten, Krißler, Sascha, Lell, Jacob. SRLabs. BadUSB – On accessories that turn evil. Black Hat, 2014. https://srlabs.de/blog/wp-content/uploads/2014/07/SRLabs-BadUSB-BlackHat-v1.pdf
See also: Why the security of USB is fundamentally broken. Wired, 2014. http://www.wired.com/2014/07/usb-security/

[5] Security Research Labs (SRLabs). Turning USB peripherals into BadUSB. 2014. https://srlabs.de/badusb/

[6] Co-written with Tristan Vanel, Bitdefender. BadUSB: beaucoup de bruit pour presque rien ? D4v1d, 2014. http://d4v1d.me/badusb-beaucoup-de-bruit-pour-presque-rien/

[7] Crenshaw, Adrian. TrustedSec. Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device. DEF CON, 2010. https://www.defcon.org/images/defcon-18/dc-18-presentations/Crenshaw/DEFCON-18-Crenshaw-PHID-USB-Device.pdf

[8] Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack Vector. TrustedSec, 2010. https://www.trustedsec.com/august-2010/social-engineer-toolkit-v0-6-1-teensy-usb-hid-attack-vector/

[9] PSJailbreak Exploit Reverse Engineering. PS3 Wiki. http://www.psdevwiki.com/ps3/PSJailbreak_Exploit_Payload_Reverse_Engineering/

[10] Dewey, David, Barrall, Darrin. SPI Dynamics. Plug and Root: The USB Key to the Kingdom. Black Hat, 2005. http://www.blackhat.com/presentations/bh-usa-05/BH_US_05-Barrall-Dewey.pdf

[11] Stavrou, Angelos, Wang, Zhaohui. Exploiting Smart-Phone USB Connectivity For Fun And Profit. Black Hat, 2011. https://media.blackhat.com/bh-dc-11/Stavrou-Wang/BlackHat_DC_2011_Stavrou_Zhaohui_USB_exploits-Slides.pdf

[12] Badrigans, Benoît. Attaques applicatives via périphériques USB modifiés: infection virale et fuites d’informations. SSTIC, 2013. sstic.org/2013/presentation/Attaques_applicatives_via_peripheriques_USB_modifies_infection_virale_et_fuites_d_informations/

[13] Caudill, Adam, Wilson, Brandon. Making BadUSB Work For You. Derbycon, 2014. http://fr.slideshare.net/adam_caudill/derby-con2014presentation/

[14] USB Rubber Ducky - The Original Keystroke Injection Tool. www.usbrubberducky.com

[15] Caudill, Adam, Wilson, Brandon. Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches. Github, 2014. https://github.com/adamcaudill/Psychson/

[16] Kallenborn, Gilbert. Les attaques par USB, désormais à la portée de « millions de développeurs ». 01Net, 2014. http://www.01net.com/editorial/628392/les-attaques-par-usb-desormais-a-la-portee-de-millions-de-developpeurs/

[17] Thompson, Bernie. What BadUSB Is and Isn’t. Plugable, 2014. http://plugable.com/2014/10/06/badusb/

[18] BadUSB returns. Security Now! #476 - 10-07-14 Q&A #198, 2014. https://www.grc.com/sn/SN-476-Notes.pdf

[19] Trusted Computing Group – TCG. http://www.trustedcomputinggroup.org

[20] Ironkey™ Secure USB Devices. http://www.ironkey.com/en-US/solutions/protect-against-badusb.html

[21] Nohl, Karsten, Krißler, Sascha, Lell, Jacob. SRLabs. BadUSB – On accessories that turn evil. PacSec, 2014. https://srlabs.de/blog/wp-content/uploads/2014/11/SRLabs-BadUSB-Pacsec-v2.pdf
Detailed results of the study: https://opensource.srlabs.de/projects/badusb

[22] Greenberg, Andy. Only Half of USB Devices Have an Unpatchable Flaw, But No One Knows Which Half. Wired, 2014. http://www.wired.com/2014/11/badusb-only-affects-half-of-usbs/

[23] Harman, Richard. Controlling USB Flash Drive Controllers: Exposé of hidden features. Shmoocon, 2014. http://fr.slideshare.net/xabean/controlling-usb-flash-drive-controllers-expose-of-hidden-features/

[24] FreeBSD. https://www.freebsd.org/fr/

[25] Sécurisé contre les attaques USB. G DATA. https://www.gdata.fr/fr-usb-keyboard-guard.html


This document can be downloaded from our website www.bertin-it.com
