Presentations - Behind the Rabbit and beyond the USB

  • Location: Security Theater
  • Speaker: Zoltán Wollner
  • Date and time: 20. October 2017. 10:35 - 10:55

One of the most important challenges as of today is to provide end-users with the widest range of devices and laptops to meet their needs. One downside of this development is that the hitherto usual connectors like the Ethernet interface can’t fit into these devices. As a result, new solutions called dongles are emerging to connect the old devices (Ethernet cable) to the notebook. This trend can be observed especially at the Ultrabook and the Macbook market. But these dongles can raise significant IT security issues. Imagine the situation, when the attacker can physically connect to the target computer or by using social engineering to persuade the victim to use the modified hardware. Or during a server room visit, it is possible to connect the attacker device to one of the servers for a few seconds. This method can steal information or install malicious code on the target device. A critical question is whether the dongles that are available at different web shops are clean or do they serve other "hidden" features? What happens when someone updates the firmware on this dongle?

In my presentation, I will demonstrate what kind of dangers may the unknown USB devices have. Also, I will draw attention to what other features of today's technology can be used to put in the innocent devices from the outside. It can be either a gigabit Ethernet adapter, a serial device, a flash storage, or a keyboard. With this attack method, you can obtain sensitive data from a particular device, but you can quickly implement a backdoor or other malicious code.


Sponsors:

Gold
Gold
Gold
Silver
Silver
Silver
Silver
Silver
Silver
Bronze
JOB
Technical