Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions presented at HITBSecConf Malaysia 2013

by Andy Davis,

Summary : Embedded systems are everywhere, from TVs to aircraft, printers to weapon control systems. As a security researcher when you are faced with one of these “black boxes” to test, sometime in-situ, it is difficult to know where to start. However, if there is a USB port on the device there is useful information that can be gained.
This talk is about using techniques to analyze USB stack interactions to provide information such as the OS running on the embedded device, the USB drivers installed and devices supported. The talk will also cover some of the more significant challenges faced by researchers attempting to exploit USB vulnerabilities using a Windows 8 USB bug recently discovered by the presenter (ms13-027) as an example.
The talk will also include a demo of a tool called umap that performs USB driver enumeration, OS identification and USB enumeration-based and class-specific host fuzzing. The latest version of the tool can emulate all the common USB device classes.