Attacking encrypted USB keys the hard(ware) way - Blackhat USA 2017 скачать в хорошем качестве

Attacking encrypted USB keys the hard(ware) way - Blackhat USA 2017

This talk showcases the methodology we use to pentest encrypted USB key and some of the vulnerabilities we uncovered while developing this methodology. More information at https://elie.net/talk/attacking-encry... Video chapters: 0:00 Introduction 2:06 Key inner-working 5:41 Audit methodology 8:15 Defensive manufacturing 11:42 Input security 18:10 Controller security 25:29 Cryptography 27:40 Storage security 36:10 Takeaways and conclusion Presented at Blackhat 2017 Abstract Ever wondered if your new shiny AES hardware-encrypted USB device really encrypts your data - or is just a fluke? If you have, come to our talk to find out if those products live up to the hype and hear about the results of the audit we conducted on multiples USB keys and hard drives that claim to securely encrypt data. In this talk, we will present our methodology to assess "secure" USB devices both from the software and the hardware perspectives. We will demonstrate how this methodology works in practice via a set of case-studies. We will demonstrate some of the practical attacks we found during our audit so you will learn what type of vulnerability to look for and how to exploit them. Armed with this knowledge and our tools, you will be able to evaluate the security of the USB device of your choice.