Скачать с ютуб Exposing Malicious USB Cables - BSides Portland 2022 в хорошем качестве

Exposing Malicious USB Cables - BSides Portland 2022

Universal Serial Bus (USB) cables are ubiquitous with many uses connecting a wide variety of devices such as audio, visual, and data entry systems and charging batteries. Electronic devices have decreased in size over time and they are now small enough to fit within the housing of a USB connector. There are harmless 100W USB cables with embedded E-marker chips to communicate power delivery for sourcing and sinking current to charge mobile devices quickly. However, some companies have designed malicious hardware implants containing key-loggers and other nefarious programs in an effort to extract data from victims. Any system compromise that can be implemented with a keyboard is possible with vicious implants. This project designs a malicious hardware implant detector by sensing current draw from the USB cable which exposes these insidious designs. The Malicious USB Exposer is a hardware circuit implementation with common USB connectors to plug in the device under test (DUT). It provides power to the DUT and uses a current sensor to determine the current draw from the cable. The output is a red LED bar-graph to show if the DUT is compromised. Unless, the DUT contains LEDs internally, any red LED output shows compromise. Active long USB cables intended to drive long distances produce a false positive and are not supported. The minimum current sensed is 10mA which is outside the range of normal USB cables with LEDs (4-6mA), and E-Marker chips (1mA). Though there is another malicious USB detector on the market it is created by a malicious USB cable supplier and designed to detect their cable. This project provides an open source solution for distinguishing USB cables to uncover a range of compromised cables from different vendors. Jaynie Shorb has a MS Cyber Security Engineering (MSCSE) and MSEE from the University of Washington. She worked at Zilog as an Analog Design Engineer designing analog front ends for the ez80 microprocessor. She also worked at Broadcom delivering memory designs in both hardware and software. She began working at Microsoft on the Azure Sphere Team in 2020. She performed security research with Dr. Lagesse resulting in the following papers including Kevin Wu and Zealous Zhu Detecting Spies in IoT Systems Using Cyber-Physical Correlation and Automated Hidden Sensor Detection in Sensor-Rich Spaces. BSides Portland is a tax-exempt charitable 501(c)(3) organization founded with the mission to cultivate the Pacific Northwest information security and hacking community by creating local inclusive opportunities for learning, networking, collaboration, and teaching. Twitter - @BSidesPDX