[Cryptech Tech] arm

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Jan 20 08:45:55 UTC 2015


Bernd Paysan <bernd at net2o.de> writes:

>A generic USB host with tons of drivers enabled for all the weird protocols
>out there is for sure an attack vector.

We're talking about different things here.  You're talking about attacking the
USB drivers running on the host CPU.  I'm talking about attacking the USB
device itself, irrespective of what the host CPU does or doesn't do.  For
example what happens when you send unexpected PIDs, when you send different
data for the two parts of the repeated PID field, when you send ACKs and NAKs
and whatnot in strange places, and a million other violations of the USB state
machine?  What if you abuse the Device Firmware Upgrade capability (DFU,
standardised since 2004 and with no security mechanisms that I know of) or any
vendor-specific undocumented equivalents to add supplementary functionality to
your USB device?

Peter.
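
An added example, not part of the message above or of any Cryptech code: a simplified C model of device-side receive checking for the cases the message lists (a PID whose two halves disagree, unexpected PIDs, handshakes in strange places). State names, function names and the byte sequence are constructed for illustration; the PID values are those of USB 2.0 Table 8-1, and only the PIDs a full-speed control/bulk device receives are modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* 4-bit PID values (USB 2.0, Table 8-1). */
enum { PID_OUT = 0x1, PID_ACK = 0x2, PID_DATA0 = 0x3, PID_SOF = 0x5,
       PID_IN = 0x9, PID_DATA1 = 0xB, PID_SETUP = 0xD };
typedef enum { ST_IDLE, ST_EXPECT_DATA, ST_EXPECT_SETUP_DATA, ST_EXPECT_ACK } rx_state;
typedef enum { RX_OK, RX_BAD_PID_CHECK, RX_UNEXPECTED } rx_verdict;

/* Low nibble is the PID; the high nibble must be its ones' complement. */
static int pid_check_ok(uint8_t b) { return ((b ^ (b >> 4)) & 0x0F) == 0x0F; }

/* Feed one received PID byte. Anything not valid in the current state is
   dropped and the model falls back to idle (fail closed). */
rx_verdict rx_pid(rx_state *st, uint8_t byte)
{
    if (!pid_check_ok(byte)) { *st = ST_IDLE; return RX_BAD_PID_CHECK; }
    uint8_t pid = byte & 0x0F;
    rx_state cur = *st;
    *st = ST_IDLE;
    switch (cur) {
    case ST_IDLE:                       /* only tokens may start a transaction */
        if (pid == PID_SOF)   return RX_OK;
        if (pid == PID_OUT)   { *st = ST_EXPECT_DATA;       return RX_OK; }
        if (pid == PID_SETUP) { *st = ST_EXPECT_SETUP_DATA; return RX_OK; }
        if (pid == PID_IN)    { *st = ST_EXPECT_ACK;        return RX_OK; }
        return RX_UNEXPECTED;
    case ST_EXPECT_DATA:                /* data phase after OUT */
        return (pid == PID_DATA0 || pid == PID_DATA1) ? RX_OK : RX_UNEXPECTED;
    case ST_EXPECT_SETUP_DATA:          /* SETUP data is always DATA0 */
        return (pid == PID_DATA0) ? RX_OK : RX_UNEXPECTED;
    case ST_EXPECT_ACK:                 /* device answered IN with data */
        return (pid == PID_ACK) ? RX_OK : RX_UNEXPECTED;
    }
    return RX_UNEXPECTED;
}

/* Run a sequence of PID bytes through the model and count the rejected ones. */
int count_rejected(const uint8_t *seq, int n)
{
    rx_state st = ST_IDLE;
    int bad = 0;
    for (int i = 0; i < n; i++) if (rx_pid(&st, seq[i]) != RX_OK) bad++;
    return bad;
}

int main(void)
{
    /* Constructed: SETUP, DATA0, stray ACK, OUT, corrupt PID byte, IN, ACK */
    const uint8_t seq[] = { 0x2D, 0xC3, 0xD2, 0xE1, 0x43, 0x69, 0xD2 };
    printf("rejected %d of 7\n", count_rejected(seq, 7));
    return 0;
}
```

A real device controller also has to handle timeouts, CRC failures and data toggle, which this model leaves out.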


