USB Drive Threats
Author: Andrey Biryukov
Up-to-date computers are hardly protected from threats of USB devices connected to them. For instance, if a connected device emulates a keyboard, then it can perform any action with the privileges of a current user. The speaker will demonstrate such a device and the way to program it, as well as real attacks and protection techniques.
The main purpose of the report is to illustrate how modern computers are vulnerable to attacks that exploit HID USB devices. Though the attack concept was already known in 2010, the majority of systems still allow any USB drive to be connected. The report will touch upon the Teensy board and current projects on how to use Teensy for information security tasks (Kautilya ...). A series of attacks exploiting this device will also be demonstrated. The report has a practical emphasis and will be interesting to technical specialists: system administrators, information security specialists and pentesters.
The speaker will also show how to work with Teensy.
Andrey graduated from the Moscow Aviation Institute specializing in applied mathematics. He has been working as a System Architect at Informzaschita since 2010. He is also a regular author and editor of the Systemny Administrator Magazine. Last year Andrey delivered his report about Raspberry Pi at PHDays 2013.