DerbyCon just finished. Brandon Wilson gave a presentation called “Intercepting USB Traffic for Attack and Defense”
BadUSB reminded the world about the dangers of maliciously intelligent USB devices such as flash drives with modified firmware, but little has been released to effectively defend against the threat. A customizable man-in-the-middle USB connection can not only do that, but provide even more benefits to both attackers and defenders, such as modifying or denying specific traffic (similar to a USB write blocker) or bypassing mass storage restrictions in a locked-down corporate environment. In this talk, I will explain how to easily assemble a USB passthrough device using cheap, existing hardware and flash it to either attack ‘secure’ environments, or isolate yourself from untrustworthy or potentially malicious peripherals. Instructions for purchasing the hardware, assembling it, and code for several different scenarios will be released and demonstrated.
Brandon Wilson is an independent security researcher and software developer. He has more than a decade of experience in reverse-engineering embedded systems and protocols, from graphing calculators to gaming consoles to flash drives. He has appeared in numerous publications such as the Wall Street Journal and Wired, and also collects DMCA takedown notices for fun.
Video of the presentation (this video crashed my browser, so don’t view this link if you have anything important in your browser):