www.bertin-it.com BadUSB, An unpatchable flaw? Bertin IT, CNIM Group. 10 bis avenue Ampère, FR – 78180 Montigny T. +33(0)1 39 30 62 50 E. [email protected] @Bertin_IT v1.0 // Nov.2014
www.bertin-it.com
BadUSB,
An unpatchable flaw?
Bertin IT, CNIM Group. 10 bis avenue Ampère, FR – 78180 Montigny
T. +33(0)1 39 30 62 50
@Bertin_IT
v1.0 // Nov.2014
BadUSB, an unpatchable flaw?
Copyright © 2014, Bertin IT. All rights reserved. 1
BadUSB,
Introduction
Since the announcement of its discovery in August 2014, the BadUSB security flaw has been a
constant source of concern within the IT community.
Undetectable and unpatchable, BadUSB burrows itself into the outer reaches of hardware and
puts under threat billions of USB peripheral devices. At the heart of such security concerns lies
the widely-used USB flash drive.
In October of this year, the wave of panic became a storm with the revelation of the source
code making it possible to exploit this vulnerability on certain types of equipment.
On 12 November, a new study indicated that this flaw would only affect 50% of USB
microcontrollers available on the market. However, in the absence of any references to
specific brands and chip models, it remains impossible to determine whether a peripheral
device is vulnerable or not, short of dismantling it to its bare bones…
Copyright © 2014, Bertin IT. All rights reserved.
WhiteN® and PolyXene® are registered trademarks of Bertin IT.
Other brand names and trademarks referred to in this document may be claimed as property by third parties. Reference to such brand names and/or
trademarks shall not under any circumstances constitute endorsement by Bertin IT.
Author
Stéphanie Blanchet
Proofreaders Erwan Le Disez David Boucher
Benoît Poulot-Cazajous
BadUSB, an unpatchable flaw?
Copyright © 2014, Bertin IT. All rights reserved. 2
BadUSB, a global security flaw.
It is widely known that USB flash drives
have the potential to carry infections
between items of hardware by way of any
harmful files that they may contain. An
antivirus scan or a reformat are in general
effective ways of countering such threats.
With BadUSB however, the threat is
undetectable, since it is not housed in the
flash memory of the drive but at the core of
the firmware that controls how the device
operates. Furthermore, this flaw does not
only affect simple flash drives; it can
theoretically infect any USB peripheral.
Inherent USB vulnerability
The threats posed by the use of USB (Universal
Serial Bus) devices are nothing new. They are
totally inherent to the capacity of these now
massively-used devices (flash drive, external hard
disk, mobile phone, tablet, mouse, keyboard,
webcam, microphone, adapter, etc.) to connect to
any sort of computer, to communicate with it and
to potentially introduce malicious content. The
versatility of USB is at the same time the reason
for its success and also its key weakness. The
highly-popular USB flash drive is naturally the
most common propagation medium. This small
commonplace item that one would willingly
believe to be totally harmless has already served
as a carrier of two particularly fearsome computer
worms, i.e. Conficker1 (2008) and Stuxnet
2 (2010).
The specific attacks associated with USB flash
drives3 are those that generally take advantage of
the facilitating properties of Microsoft Windows.
The AutoRun function that is triggered when
inserting a flash drive can just as well activate the
installation of a driver as that of a malware item
present in the device. Similarly, the AutoPlay
function can launch on the user's computer an
application required to open a file type stored on
the flash drive, but also allow a similarly stored
virus to exploit a weakness in this application (e.g.
exploitation of a flaw in Abode Reader when
reading a PDF file).
The BadUSB flaw revealed during the Black Hat
2014 computer security conference by Karsten
Nohl and Jacob Lell4, two IT experts from Security
Research Labs (SRLabs), is totally unprecedented
in that it does not operate from a malicious file
loaded onto the USB device, but results from a
reprogramming of the firmware installed on its
controller chip.
Universal Serial… Killer
Over a two-month period, Karsten Nohl and Jacob
Lell reverse-engineered the microcontroller that
enables a USB device to communicate with a
computer and enables the user to upload and
download files. It was while doing this that they
discovered that the firmware – in this case
branded by Phison – could be reprogrammed in
such a way as to conceal an attack code, simply by
taking advantage of a weakness common to the
vast majority of USB peripheral devices: i.e. the
absence of protection that would guarantee that
any new code added would possess the
manufacturer's unforgeable digital signature. In
this way, any peripheral device with the capacity to
update its firmware in a non-secure manner may
be corrupted, whatever its class (e.g. interface-
keyboard or mouse, storage medium- USB flash
drive, etc.).
BadUSB, an unpatchable flaw?
Copyright © 2014, Bertin IT. All rights reserved. 3
Once the firmware has been
modified, the malicious device is
able to emulate any other device
(e.g. keyboard, external hard disk,
etc.) and take control of the
computer, install a virus that could
propagate to other USB peripheral
devices, exfiltrate data, spy on the
user… The range of possible
attacks is wide (see fig.1): e.g.
hiding data on a memory stick or
hard disk drive, rewriting data in-
flight to add viruses to newly-
stored files, or spoofing screen
displays in order to access security
information such as Captchas and randomly
arranged PIN codes, …
During their presentation at Black Hat 2014, Nohl
and Lell gave an initial demonstration making it
possible for a keyboard to intercept passwords
and appropriate all associated user privileges.
They then presented a totally transparent Internet
traffic hacking scenario on a Windows machine by
the spoofing of a network card by an Android
phone, presented as being "the simplest USB
attack platform". This is indeed the only case for
which they provided a proof of concept. The two
researchers showed that by emulating a keyboard,
the infected phone could also compromise the
second factor security model of online banking.
Finally, they demonstrated an attack using a boot-
sector virus from a USB stick, infecting the
machine and then booting from hard disk.
Unseen, unchecked…
Attacks of the kind represented by BadUSB cannot
be picked up by traditional defence mechanisms,
most antivirus software being able to detect the
injection of malware via a USB stick but not to
access its firmware and recognize whether it has
been modified. What is more, neither a device
reset nor a USB reformat will remove the firmware,
which therefore retains all of its potential for harm.
As SRLabs clearly state on their website5: "Once
infected, computers and their USB peripherals can
never be trusted again". In other words, the only
way of correcting this flaw is to go back to the
drawing board and totally rethink the design of
USB peripheral devices.
What's new?
It has been pointed out that BadUSB is far from
being a new phenomenon6; indeed a number of
USB flaws had already been talked about prior to
the highly mediatized conference at which Karsten
Nohl and Jacob Lell presented their findings. What
is different in this case, and what has caused such
a stir, would be the sizeable scope that the
BadUSB family of attacks has the potential to
attain, especially given the boom in connected
devices and the emergence of new threats.
Figure 1 / K. Nohl, S. Krißler, J. Lell, 2014. p.18
BadUSB, an unpatchable flaw?
Copyright © 2014, Bertin IT. All rights reserved. 4
Attacks via malicious USB devices (12)
ATTACKS ON USB DRIVERS
By lifting OS restrictions (jailbreak) via the use of a
malicious device (e.g. PS3 jailbreak), it is possible to
modify the read and write permission of the OS.
The execution of an unsigned code can then be
authorized.
ATTACKS VIA HID
By emulating a keyboard and/or a mouse, without
the user's knowledge, a corrupt USB device (e.g.
PHUKD) can trigger the automatic execution of a
program or steal the permissions granted to the
operator (who may also be a system administrator).
It can also open a text file, create a base64 encoded
virus and save it to the target machine…
ATTACKS VIA USB MASS STORAGE
By reprogramming a USB device's firmware, a
hacker can modify in-flight the contents of a
partition or any number of files. The principle is to
force the system to reread a file after checking its
signature: this second reading will not dispatch the
same data as the first and will allow the installation
of the unauthorized code.
DATA ACQUISITION ON THE HOST SYSTEM
Depending on the way in which the OS reads its
descriptor, a malicious USB flash drive can discover
the host OS and thus adapt its strategy to known
vulnerabilities in each of the systems that it wishes
to attack.
DMA ATTACKS & BUS SNOOPING
With On-The-Go USB devices, capable of being seen
as a peripheral device or a s a USB host, Direct
Memory Access (DMA) attacks have now become
possible. Furthermore, a malicious device can easily
intercept data received by all the other devices
connected to a USB host controller.
This list recaps the main types of attack identified by
Benoît Badrigans (2012).
11
During the 2010 DEF CON Hacking Conference,
Adrian Crenshaw7
(TrustedSec) introduced
attendees to PHUKD (Programmable HID USB
Keystroke Dongle), a tiny device containing a
Teensy micro-controller programmed to emulate
keystrokes and mouse movements without the
user realizing and thus launch malicious programs.
This dongle can be found in the Social-Engineer
Toolkit8. The same year, the PlayStation 3
jailbreak9 via a simple USB flash drive had brought
as much joy to gamers as it did woes to Sony. The
malicious device could artificially create an active
6-port USB hub on the console in order to exploit
a flaw making it possible to generate a buffer
overflow and then authorize the execution of
unauthorized software, homebrews and other
hacked games …
We can even go back to 2005, to that year's
edition of the Black Hat conference, to find a
demonstration by David Dewey and Darrin Barrall
(SPI Dynamics) of an attack against the USB
drivers running under Windows XP, enabling to
take control of the OS with the help of a USB flash
drive reprogrammed with a hardware-based
Trojan10
. More recently, at Black Hat 2011, Angelos
Stavrou and Zhaohui Wang11
, researchers at
George Mason University, found a way of getting
an Android smartphone to emulate a keyboard in
order to acquire direct access to the user's session
and input hostile commands to their computer.
"USB protocol can be (ab)used to connect *any*
device to a computing platform *without*
authentication", they told their audience.
‘Fool’ Disclosure ?
Two months after the announcement of the
BadUSB flaw, Adam Caudill and Brandon Wilson13
revealed what Karsten Nohl and Jacob Lell had
preferred to keep under wraps: the means of
exploiting it.
BadUSB, an unpatchable flaw?
Copyright © 2014, Bertin IT. All rights reserved. 5
During the 2014 DerbyCon Hacker
Conference, these two independent IT
security researchers laid bare the
entire method, from reverse
engineering through to the illicit
updating of the firmware, through
which they were able to modify a USB
3.0 stick containing a Phison
Electronics micro-controller, one of the
most widely employed in the world,
and also used by Nohl & Lell for their
experiments (see fig.2). How could the
firmware be customized in such a way
as to convert it into a keyboard, in the
same way as USB Rubber Ducky14
?
How could a hidden partition be created in the
microcontroller (a useful measure for data
exfiltration)? How could the password protection
mechanism be bypassed? Caudill & Wilson
answered these questions by way of three
demonstrations and published on Github15
the
source code that made it possible to perform
these actions.
The objective of this disclosure was to compel USB
device manufacturers to tighten up their security
policies and to raise user awareness of the need
for prudence. "If the only people who can do this
are those with significant budgets, the
manufacturers will never do anything about it"
argue Adam Caudill and Brandon Wilson.
However, it also opens the door to the
deployment of this type of attack. "Thanks to this
code, a large share of the work has already been
done. The development that remains to be done to
create an attack is not so complicated - millions of
computer programmers would be capable of doing
so", according to Karsten Nohl in an interview with
01net16
on 9 October 2014.
Bernie Thompson, founder of Plugable
Technologies (a manufacturer of USB devices),
nevertheless seeks to allay any fears17
. This former
Microsoft development manager stresses that to
hack into a computer via a USB device, the latter
needs to contain firmware that is software
upgradable (i.e. the ROM must be wipeable and
rewritable), and that the upgrade mechanism must
be insecure; and according to Thompson this is
not the case for all devices. But more importantly,
he points out that the BadUSB code must be
specifically designed for the micro-controller
contained in the device. Thus, the code published
by Adam Caudill and Brandon Wilson applies only
to devices equipped with a Phison 2251-03 micro-
controller. Of these, Security Now!18
lists 5 devices
that are known to be vulnerable:
- Patriot 8GB Supersonic Xpress,
- Patriot Stellar 64 Gb Phison,
- Kingston DataTraveler 3.0 T111 8GB,
- Silicon power marvel M60 64GB,
- Toshiba TransMemory-MX™ Black 16 GB.
Figure 2 / K. Nohl, S. Krißler, J. Lell, 2014. p.4
BadUSB, an unpatchable flaw?
Copyright © 2014, Bertin IT. All rights reserved. 6
An unpatchable flaw?
At the end of their presentation, Karsten
Nohl and Jacob Lell reviewed different
ideas for protecting against BadUSB, while
at the same pointing out the limitations of
each one (see fig.3). The only "simple &
effective" solution in their opinion would be
to disable firmware updates in the devices.
However with WhiteN®, Bertin IT provides a
solution for neutralizing threats contained
in removable media, whatever their
firmware, capable of thwarting the attacks
described by the two researchers.
Whitelist implementation and
blocking of USB devices
Karsten Nohl and Jacob Lell list a number of
potential means of protection, including whitelist
implementation but then go on to state that
operating systems are not yet equipped with
those mechanisms. This is however the case with
WhiteN®
.
Whitelist mechanisms are
implemented at the core of the USB
stack in order to authorize only
certain, pre-identified USB devices.
This identification is performed via
analysis of a range of data items,
including the device class and serial
number and the vendor's identifier.
By correlation, any USB device that
has not been explicitly authorized by
the security protocol will be blocked
(e.g. a network interface device or a
webcam, which the operator is not
authorized to use).
WhiteN®
possesses a minimalistic USB stack, with
only three device classes being supported:
- HID, Human Interface Device (e.g. keyboard)
- CCID, Chip/Smart Card Interface Device (e.g.
smartcard reader)
- MSC, Mass Storage Class (e.g. USB flash drive)
Furthermore the Spoof Network Card scenario put
forward by Karsten Nohl & Jacob Lell is not
applicable to WhiteN®
, owing to the fact that this
class of device is not authorized. No data
whatsoever will be sent to the illicit device, which
is simply ignored and by extension neutralized.
As far as the cases of Keyboard Emulation and
Spoof Display are concerned, in the absence of
data required for authenticating the devices in
question an attack is impossible. And even if we
consider the hypothesis that the hacker has,
through social engineering, acquired the serial
numbers and vendor identifiers required to usurp
the identity of an authorized device, the scope of
damage would be extremely limited thanks to the
partitioning mechanisms implemented by
WhiteN®
(see infobox below).
Figure 3 / K. Nohl, S. Krißler, J. Lell, 2014. p.20
BadUSB, an unpatchable flaw?
Copyright © 2014, Bertin IT. All rights reserved. 7
Furthermore the sensitive parametering capability
of WhiteN®
makes it possible to implement
advanced heuristics, such as the automatic
blocking of a second keyboard or the explicit
authorization by the user of each peripheral
device detected.
More and more companies are imposing a total
blanket ban on USB use in order to reduce the
risks associated with uncontrolled USB devices.
This is clearly a radical measure and not without
impact on usability, as stressed by the two SRLabs
researchers, even though type PS/2 devices
(keyboard and mouse) do keep on working. In a
tight configuration such as this, WhiteN®
retains
the possibility of input, but in a totally controlled
manner, thanks to secure access control to the
information system, filtering all data coming from
USB devices.
Firmware integrity verification
WhiteN®
does not perform scan of peripheral
firmware. Besides, Karsten Nohl and Jacob Lell
point out that the firmware of a given device can
only be read back with the help of this same
firmware, which has the malicious capability to
spoof an approved firmware… you might just as
well ask a liar if he is lying!
However, concerning the reprogramming of
firmware in USB peripheral devices that are
integrated within workstations (e.g. keyboard,
touchpad, webcam, etc…), one solution would be
to check the integrity of the platform by including
all items of firmware. This issue is covered by the
specifications of the Trusted Computing Group19
(TCG).
M.
As a contributing member of this consortium,
Bertin IT has performed a number of PoC tests
demonstrating the capacity of the WhiteN®
software base to detect alterations to the firmware
of certain devices.
Role-based access control
Role-based Access Control, or RBAC, makes it
possible to apply specific security strategies
according to a person's rights profile (e.g. user,
system administrator, etc.). In this way, the person
in question is provided with the exact privileges
required for performing a task, no more and no
less.
NEUTRALIZER OF THREATS FROM REMOVABLE MEDIA
WhiteN®
protects sensitive networks against
attacks using active content stored on removable
media (USB devices, CD-ROM, mobile phones,
etc.).
FUNCTIONALITIES
Whitelisting of USB devices
Filtering of USB devices by profile
Filtering and safety checks
Format checks
Event logging
Secure isolation of non-authorized content
Confinement of the environment that has
access to the peripheral device
No local data remanence
Transparent integration into pre-existing IS
Access and imputability control (option)
BadUSB, an unpatchable flaw?
Copyright © 2014, Bertin IT. All rights reserved. 8
HIGH SECURITY SOFTWARE PLATFORM
PolyXene®
is the very high-security software
platform developed by Bertin IT within the
framework of the SINAPSE study program. It is
the fruit of 10 years' collaboration with the
French Defence Procurement Agency (DGA)
examining issues of classified information
partitioning and the secure exchange of
sensitive data.
In 2009, its v1.0 was certified CC-EAL 5 by the
French Network and Information Security Agency
(ANSSI). Polyxene v2.0 is currently undergoing
evaluation for EAL 5+ certification.
ENCODING & INTEGRITY
Karsten Nohl & Jacob Lell evoke the possibilities
of hiding files on a USB storage device and also
of rewriting data in-flight. Thanks to its
encoding-based security mechanism, PolyXene®
renders such attacks ineffective. Any third-party
data is not processed and is consequently unable
to cause damage.
By these same mechanisms, PolyXene® protects
data stored on pre-identified (corporate) USB
flash drives, making their content unintelligible
to a hacker.
SECURE BOOTING
Faced with the scenario of the launch of a virus
on booting a computer, PolyXene® is able to
detect whether the platform has been altered
(e.g. a virus capable of modifying software
behaviour) and to protect it by ciphering the
native code and data.
This secure boot mechanism also provides
protection against the installation of a new BIOS.
The architecture of WhiteN®
is able to perform
this strict separation of roles. It also separates user
environment from administrator environment. A
malicious device would have no more rights than
the user and would be unable to gain access to
other privileges and/or environments. In the
scenario of keyboard emulation for example, this
compartmentalization makes it possible to restrict
the perimeter of attack.
Manufacturers' initiatives
Code signing for updates
BadUSB relies on the fact that the vast majority of
USB devices do not require a code to be signed in
order to authorize firmware updates. If this were
the case, a device whose firmware had been
modified could not authenticate this firmware,
thus preventing it from working. The manufacturer
IronKey20
have seized the opportunity to inform
users that all of their USB devices are fitted with a
cryptographic protection system that thwarts any
attempt at illicit reprogramming.
Disabling of firmware updates
This measure, however "simple and effective" it
may be deemed to be by Karsten Nohl and Jacob
Lell, is not a satisfactory solution for a person in
charge of the IT security of a company's, given
that it would be impossible to control all the USB
flash drives used by staff. It is no more satisfactory
for the general public either, since the vast
majority of people do not possess the technical
skills required to implement such a measure.
Once again, as far as the responsibility for
disabling firmware updates is concerned, the buck
must stop with the manufacturers.
BadUSB, an unpatchable flaw?
Copyright © 2014, Bertin IT. All rights reserved. 9
Towards a "secure firmware" label?
On 12 November of this year, during the PacSec
conference in Tokyo, Karsten Nohl unveiled the
results of a vulnerability study21
of a range of
commercially-available USB devices. He first of all
analyzed, with his colleagues from SRLabs, the
microcontroller datasheets issued by the eight
largest global vendors (Microchip,
Cypress, Alcor, Renesas, Genesys
Logic, ASMedia, Phison, FTDI). Next,
he examined the hardware of 33
devices of differing classes (hub,
interface, webcam, SD & SATA
adapters). This phase did not always
enable identification of the
component's brand name (especially
for HID devices), since certain of these
do not contain any reference.
The results of these two analyses (see
fig.4) show that around 50% of
firmware, irrespective of device class,
is reprogrammable and therefore vulnerable to
the BadUSB flaw. We could of course comfort
ourselves with the idea that the other 50% of
devices are OK. But, as Nohl confided to Wired22
,
"The scarier story is that we can’t give you a list of
safe devices." Not only do we find disparities
within one and the same brand (e.g. certain chips
from Genesys Logic are safe, others are not), but
also the manufacturers of peripheral devices have
a tendency to chop and change their suppliers of
electronic components, from one model to
another, or even for a single product, according to
supply and demand.
This fact has been brought to light by a survey
carried out by Richard Harman23
and presented at
the Shmoocon conference in January 2014. We
learn for example that a leading manufacturer of
USB flash drives, Kingston Digital, uses micro-
controllers sourced from six different suppliers.
Silicon Power has four sources and Trend Micro
three… It is therefore theoretically impossible to
determine whether the firmware contained in a
device belongs to the "vulnerable" category or
not, short of dismantling the device.
As we can see, the BadUSB flaw does not only cast
doubt on the security of billions of peripheral
devices but also on the industrial practices of their
manufacturers. And unfortunately, a "secure
firmware" label is not on the horizon at the
present time. Certain manufacturers have got the
message though: the FreeBSD24
OS has been
made more robust with a USB enumeration
disablement option, meaning that a newly-
connected peripheral device cannot identify itself
to the host, while G DATA25
now proposes
software that makes it possible to control the
access of a new keyboard to a system in order to
counter any attacks by keystroke emulation. Two
kinds of protective measures that are already
performed by WhiteN®
, the USB threat
neutralization station developed by Bertin IT.
Figure 4 / K. Nohl, S. Krißler, J. Lell, 2014-2. p.21
BadUSB, an unpatchable flaw?
Copyright © 2014, Bertin IT. All rights reserved. 10
References 1- Porras, Phillip, Saidi, Hassen, Yegneswaran Vinod. An analysis of Conficker's logic and rendez-vous points. SRI International
Technical Report, 2009. http://mtc.sri.com/Conficker/
2- Stuxnet. Wiki. http://en.wikipedia.org/wiki/Stuxnet/
3- Pour une revue des risques associés aux clefs USB: Vallée, Luc. Clef USB: pratiques mais risquées. Magazine Sécurité de
l’Information, 2011, n°11, p. 2-4.http://www.dgdr.cnrs.fr/fsd/securite-systemes/revues-pdf/Si11.pdf
-CERTA, Centre d'Expertise gouvernemental de Réponse et de Traitement des Attaques informatiques. Risques associés aux clés USB.
Première version: 2006. Dernière version: 2009http://www.cert.ssi.gouv.fr/site/CERTA-2006-INF-006/
4- Nohl, Karsten, Krißler, Sascha, Lell, Jacob. SRLabs. BadUSB – On accessories that turn evil. Black Hat, 2014.
https://srlabs.de/blog/wp-content/uploads/2014/07/SRLabs-BadUSB-BlackHat-v1.pdf A lire aussi: Why the security of USB is fundamentally broken. Wired, 2014.http://www.wired.com/2014/07/usb-security/
5- Security Research Labs (SRLabs). Turning USB peripherals into BadUSB. 2014.https://srlabs.de/badusb/
6- Co-écrit avec Tristan Vanel, Bitdefender. BadUSB: beaucoup de bruit pour presque rien ? D4v1d, 2014.
http://d4v1d.me/badusb-beaucoup-de-bruit-pour-presque-rien/
7- Crenshaw, Adrian. TrustedSec. Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device. DEF CON, 2010.
https://www.defcon.org/images/defcon-18/dc-18-presentations/Crenshaw/DEFCON-18-Crenshaw-PHID-USB-Device.pdf
8- Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack Vector. TrustedSec, 2010.
https://www.trustedsec.com/august-2010/social-engineer-toolkit-v0-6-1-teensy-usb-hid-attack-vector/
9- PSJailbreak Exploit Reverse Engineering. PS3 Wiki. http://www.psdevwiki.com/ps3/PSJailbreak_Exploit_Payload_Reverse_Engineering/
10- Dewey, David, Barrall, Darrin. SPI Dynamics. Plug and Root: The USB Key to the Kingdom. Black Hat, 2005.
http://www.blackhat.com/presentations/bh-usa-05/BH_US_05-Barrall-Dewey.pdf.
11- Stavrou, Angelos, Wang, Zhaohui. Exploiting Smart-Phone USB Connectivity For Fun And Profit. Black Hat,
2011.https://media.blackhat.com/bh-dc-11/Stavrou-Wang/BlackHat_DC_2011_Stavrou_Zhaohui_USB_exploits-Slides.pdf
12- Badrigans, Benoît. Attaques applicatives via périphériques USB modifiés: infection virale et fuites d’informations. SSTIC, 2013.
sstic.org/2013/presentation/Attaques_applicatives_via_peripheriques_USB_modifies_infection_virale_et_fuites_d_informations/
13- Caudill , Adam, Wilson, Brandon. Making BadUSB Work For You. Derbycon, 2014. http://fr.slideshare.net/adam_caudill/derby-
con2014presentation/
14- USB Rubber Ducky - The Original Keystroke Injection Tool.www.usbrubberducky.com
15- Caudill , Adam, Wilson, Brandon. Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches. Github, 2014.
https://github.com/adamcaudill/Psychson/
16- Kallenborn, Gilbert. Les attaques par USB, désormais à la portée de « millions de développeurs ». 01Net, 2014.
http://www.01net.com/editorial/628392/les-attaques-par-usb-desormais-a-la-portee-de-millions-de-developpeurs/
17- Thompson, Bernie. What BadUSB Is and Isn’t. Plugable, 2014. http://plugable.com/2014/10/06/badusb/
18- BadUSB returns. Security Now! #476 - 10-07-14 Q&A #198, 2014. https://www.grc.com/sn/SN-476-Notes.pdf
19- Trusted Computing Group – TCG. http://www.trustedcomputinggroup.org
20- Ironkey™ Secure USB Devices http://www.ironkey.com/en-US/solutions/protect-against-badusb.html
21- Nohl, Karsten, Krißler, Sascha, Lell, Jacob. SRLabs. BadUSB – On accessories that turn evil. PacSec, 2014.
https://srlabs.de/blog/wp-content/uploads/2014/11/SRLabs-BadUSB-Pacsec-v2.pdf - Résultats détaillés de
l’étudehttps://opensource.srlabs.de/projects/badusb
22- Greenberg, Andy. Only Half of USB Devices Have an Unpatchable Flaw, But No One Knows Which Half. Wired, 2014.
http://www.wired.com/2014/11/badusb-only-affects-half-of-usbs/
23- Harman, Richard. Controlling USB Flash Drive Controllers: Exposé of hidden features. Shmoocon, 2014. http://fr.slideshare.net/xabean/controlling-usb-flash-drive-controllers-expose-of-hidden-features/
24- FreeBSD https://www.freebsd.org/fr/
25- Sécurisé contre les attaques USB. G DATA https://www.gdata.fr/fr-usb-keyboard-guard.html
BadUSB, an unpatchable flaw?
Copyright © 2014, Bertin IT. All rights reserved. 11
Copyright © 2014, Bertin IT.
All rights reserved.
This document can be downloaded from our website
www.bertin-it.com
Did you like this article? If you did, why not share it!
www.bertin-it.com