USB: Undermining Security Barriers presented at BlackhatUSA 2011

by Andy Davis,


Summary : Although the concept of identifying and exploiting vulnerabilities in USB drivers is not new, the approach presented here will be, as it provides the capability to test any USB platform or device (previous techniques have been either device or USB-host dependent). Although the new approach is quite simple, its effectiveness has been clearly demonstrated over the past few months by identifying vulnerabilities in USB drivers of many of the well-known operating systems in use today. The presentation will cover typical USB vulnerability classes and also discuss the implications of this type of vulnerability for Endpoint security products.