Searching for vulnerabilities in USB stacks: approaches and tools, presented at SSTIC 2014

by Fernand Lone Blood, Jordan Bouyat,

Summary: USB is now widely adopted and the interface keeps spreading. It is not uncommon to find USB ports or connectors on the objects we use every day (computers, smartphones, etc.). Using USB has become a habit for computer users, and it is often a preferred means of attack. USB keys, for example, are sometimes favored by attackers as a way into the computer systems of organizations, even ones that have a high level of security. In addition, the USB stack is itself an excellent attack vector. USB is simply a transport protocol for other, more specific protocols (SCSI, etc.), so the USB stack exposes a wide attack surface in the lower layers of operating systems. For these reasons, it is worthwhile to search for vulnerabilities in the USB stacks of different systems. Because most systems are closed and their sources are not available, fuzzing the USB stack proves to be the most appropriate way to search for vulnerabilities, in an analysis that is often conducted as a black box. This article reports on our experience implementing a USB fuzzer for Windows platforms (XP and 7) and presents some ideas that we have begun to implement to extend the fuzzer to other versions of Windows (including the Windows 8 USB 3.x stack) and then to other systems, in either the host or the device role.