USBeat: On the Many Dangers of USB Devices
Universal Serial Bus (USB) has become the most popular and common standard to connect computer peripherals (including keyboards, pointing devices, digital cameras, printers, portable media players, disk drives, network adapters, smartphones, PDAs, and video game consoles) to personal computers, both to communicate and to supply electric power. Users tend to trust USB devices to do what they think the device is supposed to do. However, USB devices can be used to exfiltrate sensitive data, spread malicious code, steal the user's identity, stealthily change system settings and open back doors on the host, and even physically destroy it. In reality, USB devices are small computers that can be programmed to be anything. This lecture will survey the sophisticated USB attacks that have emerged over the last decade. We’ll begin by reviewing some of the basic USB concepts and then the attacks will be described and classified according to their objectives, device type, and the set of skills required for implementing them. The lecture will include a demonstration of several attacks, and Nitzan will discuss how they can be detected.