USBHarpoon Is a BadUSB Attack with A Twist



USB Charging Actually Poses Security Risks – Hacking a Laptop via a USB-C Adapter

Smartphones have been charged over USB for many years, but with the advance of USB type-C now even laptops may be charged over USB, instead of the typical DC power barrel jack.[…]

Two more BadUSB-related articles

WooKey: USB Devices Strike Back

WooKey: USB Devices Strike Back
Date : 13 juin 2018 à 17:15 — 30 min.

The USB bus has been a growing subject of research in recent years. In particular, securing the USB stack (and hence the USB hosts and devices) started to draw interest from the academic community since major exploitable flaws have been revealed by the BadUSB threat. The work presented in this paper takes place in the design initiatives that have emerged to thwart such attacks. While some proposals have focused on the host side by enhancing the Operating System’s USB sub-module robustness, or by adding a proxy between the host and the device, we have chosen to focus our efforts on the device side.


CIRCLean: USB Sanitizer

Malware regularly uses USB sticks to infect victims, and the abuse of USB sticks is a common vector of infection (as an example Lost USB keys have 66% chance of malware). CIRCLean is an independent hardware solution to clean documents from untrusted (obtained) USB keys / USB sticks. The device automatically converts untrusted documents into a readable but disarmed format and stores these clean files on a trusted (user owned) USB key/stick. The focus of CIRCLean is to establish document exchange even if the used transport layer (the USB stick) cannot be trusted or if there is a suspicion about whether the contained documents are free of malware or not. In the worst case, only the CIRCLean would be compromised, but not the computer reading the target (trusted) USB key/stick. The code runs on a Raspberry Pi (a small hardware device), which also means it is not required to plug the original USB key into a computer. CIRCLean can be seen as a kind of air gap between the untrusted USB key and your operational computer. CIRCLean does not require any technical prerequisites of any kind and can be used by anyone. CIRCLean is free software which can be audited and analyzed by third-parties. We also invite all organizations to actively reuse CIRCLean in their own products or contribute to the project.[…]

CIRCLean logo

more on WebUSB and recent YubiCo vuln


here’s a bit more on WebUSB and recent YubiKey vuln, latter blog post has great background on WebUSB tech.

From intro paragraph of Google’s intro to WebUSB (emphasis theirs):

“[…]But most importantly this will make USB safer and easier to use by bringing it to the Web.”


PS: Anyone here a Wikipedia editor? This page needs an entry for WebUSB:

and perhaps a dedicated page for WebUSB not just:

Besides WebUSB and Wireless USB, what other scary OOB interfaces to USB exist?! I really need to spend more time learning USB properly…

Un-Sexy Headline: USB Restricted Mode Will Improve iPhone User Security

By Riana Pfefferkorn on June 14, 2018 at 4:01 pm

In the upcoming version of the Apple iPhone iOS operating system, iOS 12, the phone’s Lightning cable port (used for charging and data transmission) will be disabled an hour after the phone is locked. The device will still charge, but transferring data to or from the device via the Lightning cable will require entering the device’s password first. Connecting to the data port via Lightning cable is what third-party forensic devices called Cellebrite and GrayKey rely upon to extract data from locked, encrypted iPhones. These tools (made, respectively, by the eponymous Cellebrite and a company called Grayshift) are employed by U.S. law enforcement agencies at federal, state, and local levels. Unsurprisingly, just about everybody covering the story is framing Apple’s move as one that will thwart law enforcement.[…]

USB Hub Bug Hunting and Lessons Learned

In this article I’ll show how a protocol analyzer is used, how my instincts turned out to be very wrong, and along the way dive into arcane USB details you probably won’t see explained anywhere else.[…]

USB Reverse Engineering: A Universal Guide

USB Reverse Engineering: A Universal Guide
by: Ben James
May 25, 2018

[Glenn ‘devalias’ Grant] is a self-proclaimed regular rabbit hole diver and is conscious that, between forays into specific topics, short-term knowledge and state of mind can be lost. This time, whilst exploring reverse engineering USB devices, [Glenn] captured the best resources, information and tools – for his future self as well as others. His guide is impressively comprehensive, and covers all the necessary areas in hardware and software.[…]

USB Reverse Engineering: A Universal Guide


The Evil Mouse Project

Conclusion: Never trust USB devices (and not only storage devices…)

The Evil Mouse