[Cryptech Tech] arm

Warren Kumari warren at kumari.net
Mon Jan 19 15:25:51 UTC 2015


On Monday, January 19, 2015, Fredrik Thulin <fredrik at thulin.net> wrote:

> On Monday, January 19, 2015 08:55:55 AM Jakob Schlyter wrote:
> ...
> > Are there any good examples on attacks on a USB host from something like
> a
> > USB mass storage device or a USB HID?
>
> Look for bugs found using "facedancer". Here is some kind of paper (only
> skimmed it)
>
>
Yeah, I have one of the facedancer widgets, and wrote a Python USB fuzzer
that used it to twiddle the PID - I had some uncertainty about what it was
actually outputting, so I ran it through a Beagle USB 12 protocol analyzer
-- which promptly freaked out and locked hard. I called that success and
went to have a snack. :-)

W


>
> https://www.blackhat.com/docs/eu-14/materials/eu-14-Schumilo-Dont-Trust-Your-USB-How-To-Find-Bugs-In-USB-Device-Drivers-wp.pdf
>
> I couldn't find any good writeups about bugs found with that tool now, but
> I
> remember there was a steady stream of reports a while back - both bugs in
> various OS kernels, but also things like the X server having an exploitable
> printf formatting bug where it would log the USB vendor name to it's log
> file
> IIRC.
>
> If we're not just talking about attacks on USB stacks, but on hosts, check
> out
> BadUSB - On Accessories that Turn Evil by Karsten Nohl + Jakob Lell  that
> Peter mentioned a while back on this list. Good talk.
>
>   BadUSB - On Accessories that Turn Evil by Karsten Nohl + Jakob Lell
> <https://www.youtube.com/watch?v=nuruzFqMgIw>
>
> /Fredrik
>
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is <javascript:;>
> https://lists.cryptech.is/listinfo/tech
>


-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cryptech.is/archives/tech/attachments/20150119/14048762/attachment.html>


More information about the Tech mailing list