Fengwei Zhang
ABSTRACT
The security of the USB protocol has been paid extensive attention to because of its wide usage. Due to the trust-by-default characteristics, USB security has caused severe problems. In this work, we extended BadUSB to support the new USB Type-C features and proposed a multi-mode attack model, BadUSB-C. This obtains UI status to make attacks more precise and effective. To the best of our knowledge, BadUSB-C is the first attack model utilizing USB Type-C. To validate the usability and effectiveness, we conducted extensive experiments to simulate daily usage and summarized the private information collected. We also discussed the recommended countermeasures for our attack model, including isolated UI rendering, which may be inspiring for future research on defense methods. This paper describes the journey of discovering BadUSB-C in my CS315 Computer Security course taught in the Fall 2020 semester.
- Common vulnerabilities and exposures, 2020.Google Scholar
- I. M. R. S. Apple, Hewlett-Packard and T. Instruments. Universal serial bus 3.2 specification, 2017.Google Scholar
- EverybodyWiki. List of devices with video output over usb-c, 2021.Google Scholar
- R. P. Foundation. Raspberry pi 4B, 2019.Google Scholar
- I. HP et al. Universal serial bus 3.0 specification, 2008.Google Scholar
- I. HP et al. Universal serial bus 3.1 specification, 2013.Google Scholar
- M. T. Incorporated. ATmega32u4 chip, 2016.Google Scholar
- U. G. Limited. UGREEN company introduction, 2012.Google Scholar
- H. Lu, Y. Wu, S. Li, Y. Lin, C. Zhang, and F. Zhang. BadUSB-C: Revisiting BadUSB with Type-C. In 15th IEEE Workshop on Offensive Technologies, WOOT, 2021.Google Scholar
- K. Nohl and J. Lell. Badusb-on accessories that turn evil. Black Hat USA, 1(9):1--22, 2014.Google Scholar
- J. D. Tian, N. Scaife, D. Kumar, M. Bailey, A. Bates, and K. R. B. Butler. Sok: "plug & pray" today - understanding USB insecurity in versions 1 through C. In 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21--23 May 2018, San Francisco, California, USA, pages 1032--1047. IEEE Computer Society, 2018.Google ScholarCross Ref
- F. Zhang. Fall 2019 Semester: CS315 Computer Security. https://fengweiz.github.io/19fa-cs315/index.html, 2019.Google Scholar
- F. Zhang. Fall 2020 Semester: CS315 Computer Security. https://fengweiz.github.io/20fa-cs315/index.html, 2020.Google Scholar
Index Terms
- BadUSB-C: Revisiting BadUSB with Type-C
Recommendations
Defending Against Malicious USB Firmware with GoodUSB
ACSAC '15: Proceedings of the 31st Annual Computer Security Applications ConferenceUSB attacks are becoming more sophisticated. Rather than using USB devices solely as a delivery mechanism for host-side exploits, attackers are targeting the USB stack itself, embedding malicious code in device firmware to covertly request additional ...
FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications SecurityThe USB protocol has become ubiquitous, supporting devices from high-powered computing devices to small embedded devices and control systems. USB's greatest feature, its openness and expandability, is also its weakness, and attacks such as BadUSB ...
Making Whitelisting-Based Defense Work Against BadUSB
ICSDE'18: Proceedings of the 2nd International Conference on Smart Digital EnvironmentUniversal serial bus (USB) devices have widespread use in different computing platforms, including IoT gadgets, but this popularity makes them attractive targets for exploits and being used as an attack vector by malicious software. During recent years, ...
Comments