Threat Spotlight: USB Devices Gone Rogue

Introduction

Hak5 recently released a new tool dubbed Bash Bunny. The tool is a reprogrammed USB device that provides all sorts of fun pen-testing scenarios. While device security is a hot-button issue today, there are many ways to thwart these attacks and not all of them require cutting edge security technology. In many cases, the simplest solution is maintaining physical control of your devices and not plugging in untrusted USBs. With the advent of cloud file sharing sites, this advice is easier than ever to follow.

In this blog, we will unravel the mechanics behind USB flash drives and show you how they operate. We will touch on how USB flash drive controller firmware is vulnerable to reprogramming and the risk it carries. Next, we will talk about HAK5’s Rubber Ducky and Bash Bunny USB flash drive attack tools. Then, we will provide suggestions to help mitigate against physical security threats.

Before we get started, I would like to divide our information into the following sections:

  • The Mechanics of USB Flash Drives
  • USB Controller Firmware Reprogramming
  • Bash Bunny and Rubber Ducky
  • Protecting the Physical Perimeter

The Mechanics of USB Flash Drives

A USB flash drive contains a Processor, Bootloader, RAM, Firmware, a USB Controller, LEDs, and a Mass Storage Device inside.

 

Figure 1: Under The Hood of USB Flash Drives

The USB Bootloader is used to load and store firmware in RAM (random-access memory) on execution. The USB Controller is used to manage read and write data queries made to the Mass Storage unit. The Mass Storage unit stores data on a non-volatile media, such as a ROM (read-only memory) chip.

USB flash drives operate over a protocol called USB (universal serial bus). Interrupt requests are sent to and from a USB device and a host controller over a (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Cylance Threat Guidance Team. Read the original post at: Cylance Blog