AMI: Warning: Be Careful with Free USB Devices!

July 19, 2018 ~ hucktech ~ Leave a comment

Is it unsafe to take free USB swag from strangers? Here's our take on it: https://t.co/8okX6KSeVu pic.twitter.com/MbdkoJjFO1

— American Megatrends (@AMI_PR) July 18, 2018

https://ami.com/en/tech-blog/warning-be-careful-with-free-usb-devices/

ElcomSoft: USB Restricted Mode inside out

July 14, 2018 ~ hucktech ~ Leave a comment

V. Katalov, “USB Restricted Mode Inside Out” (via @ElcomSoft blog) https://t.co/nV9dhbW3ZW

— Arrigo Triulzi (@cynicalsecurity) July 13, 2018

USB Restricted Mode Inside Out https://t.co/sVoEHqpDUM

— DFIR Training (@DFIRTraining) July 12, 2018

https://blog.elcomsoft.com/2018/07/usb-restricted-mode-inside-out/

ElcomSoft: This $39 Device Can Defeat iOS USB Restricted Mode

July 10, 2018 ~ hucktech ~ Leave a comment

[…]In other words, we have found no obvious way to break USB Restricted Mode once it is already engaged. However, we discovered a workaround, which happens to work exactly as we suggested back in May[…]

https://blog.elcomsoft.com/2018/07/this-9-device-can-defeat-ios-usb-restricted-mode/

Apple: Using USB accessories with iOS 11.4.1 and later

July 9, 2018 ~ hucktech ~ Leave a comment

https://t.co/Wn3UNHjg5W

Using USB accessories with iOS 11.4.1 and later

— mikeymikey (@mikeymikey) July 9, 2018

https://twitter.com/zackwhittaker/status/1016396807440666626

https://support.apple.com/en-us/HT208857

USB Pwny Express – Counterfeit USB Devices and Anti-Forensics

July 4, 2018 ~ hucktech ~ Leave a comment

USB Pwny Express – Counterfeit USB Devices and Anti-Forensics https://t.co/SLJXMySi8R

— DFIR Training (@DFIRTraining) July 3, 2018

[…]USB Hardware, Counterfeit USB Devices, and Firmware Mayhem[…]

https://www.gillware.com/forensics/blog/articles/counterfeit-usb-devices-antiforensics/

Two more BadUSB-related articles

June 25, 2018 ~ hucktech ~ Leave a comment

How to create "trojanized" USB key for redteam/social engineering using ADS, shortcuts, HTA, macro_pack, etc. Drop DLL payload with stealth, no knowledge of target file-system, and no Internet connection.https://t.co/oyVOlCxhmB

— Emeric Nasi (@EmericNasi) June 23, 2018

http://blog.sevagas.com/?Advanced-USB-key-phishing

#ICYMI Unit 42 looked into the Tick group's tactic of weaponizing secure USB drives to target air-gapped critical systems. Get the full report https://t.co/ld3i87vdql

— Palo Alto Networks (@PaloAltoNtwks) June 24, 2018

https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/

WiFi HID Injector – An USB Rubberducky / BadUSB On Steroids

June 25, 2018 ~ hucktech ~ 1 Comment

WHID –#WiFi HID Injector – An USB #Rubberducky / #BadUSB On Steroids
Author: @LucaBongiorni
cc @WHID_Injector #BlackHatArsenal https://t.co/47DB5bo4Cz

— Hack with GitHub (@HackwithGithub) June 25, 2018

https://github.com/whid-injector/WHID

WooKey: USB Devices Strike Back

June 19, 2018 ~ hucktech ~ Leave a comment

If u are in embedded systems security, #USB, #CortexM, #DFU, secure element and #ukernel our #SSTIC paper[EN] : #WooKey : USB devices strike is online : https://t.co/BRsX8sWZB3

— Mathieu RENARD (@GotoHack) June 18, 2018

WooKey: USB Devices Strike Back
Date : 13 juin 2018 à 17:15 — 30 min.

The USB bus has been a growing subject of research in recent years. In particular, securing the USB stack (and hence the USB hosts and devices) started to draw interest from the academic community since major exploitable flaws have been revealed by the BadUSB threat. The work presented in this paper takes place in the design initiatives that have emerged to thwart such attacks. While some proposals have focused on the host side by enhancing the Operating System’s USB sub-module robustness, or by adding a proxy between the host and the device, we have chosen to focus our efforts on the device side.

https://www.sstic.org/2018/presentation/wookey_usb_devices_strike_back/

Click to access SSTIC2018-Slides-wookey_usb_devices_strike_back-michelizza_lefaure_renard_thierry_trebuchet_benadjila_WUAopX7.pdf

CIRCLean: USB Sanitizer

June 18, 2018 ~ hucktech ~ Leave a comment

Il peut être utile de s’intéresser à des solutions ouvertes pour limiter les risques liés aux clés USB.https://t.co/KbAxa3ziHm https://t.co/eRGGBrOw3w

— Bertrand (@belathoud) June 16, 2018

https://www.circl.lu/projects/CIRCLean/

Malware regularly uses USB sticks to infect victims, and the abuse of USB sticks is a common vector of infection (as an example Lost USB keys have 66% chance of malware). CIRCLean is an independent hardware solution to clean documents from untrusted (obtained) USB keys / USB sticks. The device automatically converts untrusted documents into a readable but disarmed format and stores these clean files on a trusted (user owned) USB key/stick. The focus of CIRCLean is to establish document exchange even if the used transport layer (the USB stick) cannot be trusted or if there is a suspicion about whether the contained documents are free of malware or not. In the worst case, only the CIRCLean would be compromised, but not the computer reading the target (trusted) USB key/stick. The code runs on a Raspberry Pi (a small hardware device), which also means it is not required to plug the original USB key into a computer. CIRCLean can be seen as a kind of air gap between the untrusted USB key and your operational computer. CIRCLean does not require any technical prerequisites of any kind and can be used by anyone. CIRCLean is free software which can be audited and analyzed by third-parties. We also invite all organizations to actively reuse CIRCLean in their own products or contribute to the project.[…]

CIRCLean logo

more on WebUSB and recent YubiCo vuln

June 17, 2018June 17, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/06/14/yubico-vs-security-researchers/

here’s a bit more on WebUSB and recent YubiKey vuln, latter blog post has great background on WebUSB tech.

I tried to order my thoughts and the events of the crazy last two days of WebUSB vulnerabilities, actions of @Yubico, and disclosure madness in a blogpost:https://t.co/w1iX212bPC

— Markus Vervier (@marver) June 16, 2018

http://pwnaccelerator.github.io/2018/webusb-yubico-disclosure.html

Since we are talking a lot about credit today, here is some research by @flx1101 on WebUSB. It was published last year and should have scared everyone: https://t.co/0vP8NGFRrP

— Markus Vervier (@marver) June 15, 2018

https://labs.mwrinfosecurity.com/blog/webusb/

https://developers.google.com/web/updates/2016/03/access-usb-devices-on-the-web

From intro paragraph of Google’s intro to WebUSB (emphasis theirs):

“[…]But most importantly this will make USB safer and easier to use by bringing it to the Web.”

LOL

PS: Anyone here a Wikipedia editor? This page needs an entry for WebUSB:

https://en.wikipedia.org/wiki/Category:USB

and perhaps a dedicated page for WebUSB not just:

https://en.wikipedia.org/wiki/Google_Chrome

Besides WebUSB and Wireless USB, what other scary OOB interfaces to USB exist?! I really need to spend more time learning USB properly…

Un-Sexy Headline: USB Restricted Mode Will Improve iPhone User Security

June 15, 2018 ~ hucktech ~ Leave a comment

New blog post: USB Restricted Mode in iOS 12 is good news and everyone reporting on it should stop with the "it'll block law enforcement" headlines, please and thank you. https://t.co/3B1rBPrnFV

— Riana Pfefferkorn (@Riana_Crypto) June 14, 2018

By Riana Pfefferkorn on June 14, 2018 at 4:01 pm

In the upcoming version of the Apple iPhone iOS operating system, iOS 12, the phone’s Lightning cable port (used for charging and data transmission) will be disabled an hour after the phone is locked. The device will still charge, but transferring data to or from the device via the Lightning cable will require entering the device’s password first. Connecting to the data port via Lightning cable is what third-party forensic devices called Cellebrite and GrayKey rely upon to extract data from locked, encrypted iPhones. These tools (made, respectively, by the eponymous Cellebrite and a company called Grayshift) are employed by U.S. law enforcement agencies at federal, state, and local levels. Unsurprisingly, just about everybody covering the story is framing Apple’s move as one that will thwart law enforcement.[…]

https://cyberlaw.stanford.edu/blog/2018/06/un-sexy-headline-usb-restricted-mode-will-improve-iphone-user-security

USB Hub Bug Hunting and Lessons Learned

May 28, 2018May 28, 2018 ~ hucktech ~ Leave a comment

My recent efforts with USB hub driver debugging, how USB driver troubleshooting is generally goes, and some lessons learned along the way.https://t.co/LE1scpHUDH pic.twitter.com/WZciOtrdmJ

— Paul Stoffregen (@PaulStoffregen) May 27, 2018

In this article I’ll show how a protocol analyzer is used, how my instincts turned out to be very wrong, and along the way dive into arcane USB details you probably won’t see explained anywhere else.[…]

https://www.pjrc.com/usb-hub-bug-hunting-lessons-learned/

USB Reverse Engineering: A Universal Guide

May 26, 2018 ~ hucktech ~ Leave a comment

A comprehensive hardware and software guide for USB reverse engineering https://t.co/782piQJyAj

— hackaday (@hackaday) May 26, 2018

USB Reverse Engineering: A Universal Guide
by: Ben James
May 25, 2018

[Glenn ‘devalias’ Grant] is a self-proclaimed regular rabbit hole diver and is conscious that, between forays into specific topics, short-term knowledge and state of mind can be lost. This time, whilst exploring reverse engineering USB devices, [Glenn] captured the best resources, information and tools – for his future self as well as others. His guide is impressively comprehensive, and covers all the necessary areas in hardware and software.[…]

USB Reverse Engineering: A Universal Guide

The Evil Mouse Project

May 23, 2018 ~ hucktech ~ Leave a comment

For a little over 30€, you can make an evil mouse for #redteam exercise. 👌
You will be able to control a computer & exfiltrate the data:
Data will be sent to a newly created serial port & saved on the evil HID device. Attacker close enough will be able to download these files. https://t.co/Q6Fq1Fv6KR

— Requiem (@Requiem_fr) May 23, 2018

Inspired by a talk at this year's @wearetroopers conference, @xme decided to create an "evil mouse" https://t.co/rg8pnPT9er pic.twitter.com/fqR4xiqxuV

— Virus Bulletin (@virusbtn) May 23, 2018

Conclusion: Never trust USB devices (and not only storage devices…)

https://blog.rootshell.be/2018/05/22/evil-mouse-project/

Spoofing Cell Networks with a USB to VGA Adapter

April 24, 2018 ~ hucktech ~ Leave a comment

In Aviation no one seems to be loosing sleep on this…(?) People seem confident that technology like RAIM will prevent spoofing. Yet, it has only been designed to detect _accidental_ signal inconsistencies, not purposely-injected ones.@AndreaBarisani ? https://t.co/ODz1fS9c31

— Joanna Rutkowska (@rootkovska) April 24, 2018

With a cheap VGA adapter, you can now spoof GPS and cell networks. https://t.co/iSI4zLe5Jl

— hackaday (@hackaday) April 23, 2018

Spoofing Cell Networks with a USB to VGA Adapter

Bad Ducky: Rubber Ducky compatible clone based on CJMCU BadUSB HW

April 11, 2018April 11, 2018 ~ hucktech ~ Leave a comment

The below articles point to related tools, besides the Hak5 Rubber Ducky.

https://github.com/mharjac/bad_ducky

Bad USB (rubber ducky) in 10.54$ (685INR)| Ethical Hacking | HD | 2018: https://t.co/fR9D9hHHnM via @YouTube

— Yogesh Khandge (@anonymous9396) April 9, 2018

https://www.kitploit.com/2018/04/bad-ducky-rubber-ducky-compatible-clone.html

https://www.digitalmunition.me/2018/04/bad-ducky-rubber-ducky-compatible-clone-based-cjmcu-badusb-hw/

See-also:

https://ducktoolkit.com/viewscript/all/

https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads

USB Rubber Ducky

list of 29 USB-based attacks

March 14, 2018 ~ hucktech ~ Leave a comment

Here's a List of 29 Different Types of USB Attacks https://t.co/NGST6xDny8 #USB #infosec #research pic.twitter.com/q4Ay061zb4

— Catalin Cimpanu (@campuscodi) March 14, 2018

USB-based attacks
Nir Nissim, Ran Yahalom, Yuval Elovici
Attackers increasingly take advantage of innocent users who tend to use USB peripherals casually, assuming these peripherals are benign when in fact they may carry an embedded malicious payload that can be used to launch attacks. In recent years, USB peripherals have become an attractive tool for launching cyber-attacks. In this survey, we review 29 different USB-based attacks and utilize our new taxonomy to classify them into four major categories. These attacks target both individuals and organizations; utilize widely used USB peripherals, such as keyboards, mice, flash drives, smartphones etc. For each attack, we address the objective it achieves and identify the associated and vulnerable USB peripherals and hardware.

https://doi.org/10.1016/j.cose.2017.08.002
https://www.sciencedirect.com/science/article/pii/S0167404817301578

https://www.bleepingcomputer.com/news/security/heres-a-list-of-29-different-types-of-usb-attacks/

USB attacks

UefiUsbScan.efi: Scan USB host controllers and connections, written in FASM

March 7, 2018 ~ hucktech ~ Leave a comment

UefiUsbScan: Scan for USB host controllers and connections, current version use direct PCI/MMIO hardware access. Only xHCI controllers supported yet, not supports UHCI, OHCI, EHCI.

https://github.com/manusov/UEFIusbScan

X41 D-Sec GmbH browser security whitepaper: WebUSB, WebBluetooth, WebSMM

March 3, 2018 ~ hucktech ~ Leave a comment

I remember times when we'd consider it only as a _joke_ if someone said: "WebUSB"…

Now eagerly awaiting "WebSMM"! https://t.co/NiSHwOWgKx

— Joanna Rutkowska (@rootkovska) March 2, 2018

Several asked about a paper covering the WebUSB attacks. We covered WebUSB and WebBluetooth in chapter 13 of our X41 browser security white paper: https://t.co/efbUbyWci4

— Markus Vervier (@marver) March 3, 2018

This white paper provides a technical comparison of the security features and attack surface of Google Chrome, Microsoft Edge, and Internet Explorer. We aim to identify which browser provides the highest level of security in common enterprise usage scenarios, and show how differences in design and implementation of various security technologies in modern web browsers might affect their security. Comparisons are done using a qualitative approach since many issues regarding browser security cannot easily be quantified. We focus on the weaknesses of different mitigations and hardening features and take an attacker’s point of view. This should give the reader an impression about how easy or hard it is to attack a certain browser. The analysis has been sponsored by Google. X41 D-Sec GmbH accepted this sponsorship on the condition that Google would not interfere with our testing methodology or control the content of our paper. We are aware that we could unconsciously be biased to produce results favorable to our sponsor, and have attempted to eliminate this by being as transparent as possible about our decision-making processes and testing methodologies.

Click to access X41-Browser-Security-White-Paper.pdf

https://www.x41-dsec.de/#about

https://www.x41-dsec.de/security/report/whitepaper/2017/09/18/whitepaper-x41-browser-security/

TinyFPGA bootloader moves

January 31, 2018 ~ hucktech ~ Leave a comment

The TinyFPGA Bootloader has been moved into its own github repo. I've added a couple of fixes, but not much else besides that. If you want to contribute or follow along this is the repo to fork. https://t.co/WtznoqAHyU

— Luke Valenty (@TinyFPGA) January 31, 2018

https://github.com/tinyfpga/TinyFPGA-Bootloader

“An open source USB bootloader for FPGAs”