Exposing Malicious USB Cables - BSides Portland 2022

  • Published: Oct 18, 2022
  • Universal Serial Bus (USB) cables are ubiquitous, with many uses: connecting a wide variety of devices such as audio, visual, and data entry systems, and charging batteries. Electronic devices have decreased in size over time and are now small enough to fit within the housing of a USB connector. There are harmless 100W USB cables with embedded E-marker chips that communicate power delivery for sourcing and sinking current to charge mobile devices quickly. However, some companies have designed malicious hardware implants containing key-loggers and other nefarious programs in an effort to extract data from victims. Any system compromise that can be implemented with a keyboard is possible with such implants. This project designs a malicious hardware implant detector that senses the current draw from the USB cable, which exposes these insidious designs.
    The Malicious USB Exposer is a hardware circuit implementation with common USB connectors to plug in the device under test (DUT). It provides power to the DUT and uses a current sensor to determine the current draw from the cable. The output is a red LED bar-graph that shows whether the DUT is compromised. Unless the DUT contains LEDs internally, any red LED output shows compromise. Active long USB cables intended to drive long distances produce a false positive and are not supported. The minimum current sensed is 10 mA, which is above the range of normal USB cables with LEDs (4-6 mA) and E-Marker chips (1 mA). Though there is another malicious USB detector on the market, it is created by a malicious USB cable supplier and designed to detect their cable. This project provides an open source solution for distinguishing USB cables to uncover a range of compromised cables from different vendors.
    Jaynie Shorb has an MS in Cyber Security Engineering (MSCSE) and an MSEE from the University of Washington. She worked at Zilog as an Analog Design Engineer, designing analog front ends for the eZ80 microprocessor. She also worked at Broadcom, delivering memory designs in both hardware and software. She began working at Microsoft on the Azure Sphere Team in 2020. She performed security research with Dr. Lagesse, resulting in the following papers (including Kevin Wu and Zealous Zhu): "Detecting Spies in IoT Systems Using Cyber-Physical Correlation" and "Automated Hidden Sensor Detection in Sensor-Rich Spaces".
    BSides Portland is a tax-exempt charitable 501(c)(3) organization founded with the mission to cultivate the Pacific Northwest information security and hacking community by creating local inclusive opportunities for learning, networking, collaboration, and teaching.
    Twitter - @BSidesPDX
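The thresholding described above, as an added sketch that is not the Exposer's own design (the talk describes a hardware circuit): it converts sense-resistor ADC readings to milliamps and maps them onto a bar graph using the 10 mA floor from the description. The shunt value, amplifier gain, ADC parameters, segment step and sample readings are assumptions constructed for illustration.

```python
from statistics import median

# Figure stated in the talk description.
DETECT_MIN_MA = 10.0     # minimum current the Exposer senses

# Assumed measurement chain (hypothetical, not from the talk).
SHUNT_OHMS = 1.0         # sense resistor in series with VBUS
AMP_GAIN = 20.0          # current-sense amplifier gain
ADC_VREF = 3.3           # ADC reference, volts
ADC_BITS = 12
SEGMENTS = 10            # bar-graph length
MA_PER_SEGMENT = 10.0    # assumed step per additional segment

# Constructed ADC windows: ~1 mA E-Marker, ~5 mA LED cable, ~45 mA draw.
EMARKER_SAMPLES = [24, 25, 26, 25, 24]
LED_CABLE_SAMPLES = [122, 125, 124, 126, 123]
HIGH_DRAW_SAMPLES = [1110, 1120, 1117, 1500, 1115]  # one noise spike


def counts_to_ma(counts: float) -> float:
    """Convert a raw ADC reading to cable current in mA."""
    volts = counts * ADC_VREF / ((1 << ADC_BITS) - 1)
    return volts / AMP_GAIN / SHUNT_OHMS * 1000.0


def bar_segments(ma: float) -> int:
    """Red segments lit: none below the 10 mA floor, then one per step."""
    if ma < DETECT_MIN_MA:
        return 0
    return min(SEGMENTS, 1 + int((ma - DETECT_MIN_MA) // MA_PER_SEGMENT))


def assess(samples, has_leds=False):
    """Median-filter one window of samples and classify the cable."""
    ma = counts_to_ma(median(samples))
    lit = bar_segments(ma)
    if lit == 0:
        verdict = "below detection floor"
    elif has_leds:
        # The description excepts DUTs that contain LEDs internally.
        verdict = "inconclusive: DUT has its own LEDs"
    else:
        verdict = "suspect: red output with no LEDs in the DUT"
    return {"ma": round(ma, 2), "segments": lit, "verdict": verdict}


if __name__ == "__main__":
    for name in ("EMARKER_SAMPLES", "LED_CABLE_SAMPLES", "HIGH_DRAW_SAMPLES"):
        print(name, assess(globals()[name]))
```

With these assumed component values, 1 mA is only about 25 ADC counts, which is why the stage ahead of the threshold needs gain before a 1 mA E-Marker and a 10 mA floor can be told apart reliably.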

Comments • 6

  • @Mtaalas 1 year ago +8

    2k views? This should have 20 million....
    This is truly scary stuff....

  • @montyburns94 1 year ago +4

    Is there a circuit diagram of the USB Exposer available anywhere online? Great video, and thanks for sharing!

  • @SleepyMarshmallow-nj9su 6 months ago

    The many, many Event Viewer events that are populating on my PC, with absolutely no networking hardware installed, all have some aspect of the event labeled as InputHID. Could this be relevant?

  • @SleepyMarshmallow-nj9su 6 months ago

    Are cell phone companies intentionally sending out malicious USB charging cables? More particularly, companies that are US GOVERNMENT CONTRACTS providing ACP/Lifeline cellular service to MILLIONS of unsuspecting, low-income US citizens?? I have a couple of these. My PC starts making software changes to hardware elements like power and system devices EVEN AFTER REMOVING MY WIFI AND BLUETOOTH ADAPTERS COMPLETELY FROM THE INSIDE. (I.E. no external peripherals plugged in at all EXCEPT the USB that I got from SafeLink, then from AirVoice Wireless, not to mention that other company called Excess Telecom. Yeah, all of these companies are seemingly not even located in the US, but are offering free devices under the United States ACP and Federal Lifeline benefits. At this point, I think the damage is irreversible if I'm right at all.) Can I share images of my USB cables anywhere for expert opinion??

    • @benchristian3634 3 months ago

      no dude you're schizophrenic the government wouldn't waste money on implants when all your data is at their fingertips