Cyber Security

INDUSTRIAL CYBER SECURITY
USBS BEHAVING BADLY
HOW TO CONTROL USB USAGE IN OPERATIONAL NETWORKS
Ammar Alzaher
April 18, 2019

Which one is safe?

Honeywell Confidential - © 2019 by Honeywell International Inc. All rights reserved.

USB Doppelgangers!
• USBHarpoon
• O.MG Cable
• Rubber Ducky
• Bash Bunny

The State of USB Security

How likely is a malicious file trying to enter your site through a USB device? ?%

This is what we found…

50 Locations, 4+ Industries, 4 Continents

26%: Potential to cause major disruption to an industrial control system, e.g. loss of view or loss of control

15%: Are well-known threats, e.g. Mirai, Stuxnet, TRITON, WannaCry

The State of USB Security: Threats are Changing…

For example, this: [image]
May pretend to be this: [image]

SMX Protects Against Advanced USB Threats (in order of increasing threat complexity)

BadUSB
• Manipulation of USB firmware.
• USB device will act as a HID - Human Interface Device (e.g. a keyboard), and can execute scripts.

Rubber Ducky
• A keystroke injection tool disguised as generic USB drive.
• Computer recognizes the USB as a “normal” keyboard and automatically executes the preprogrammed rubber ducky scripts.
• Execution speed around 1000 words per minute!

Bash Bunny
• A fully featured Linux computer with the ability to execute all Rubber ducky scripts, as well as more complex attacks leveraging data connections (e.g. Ethernet over USB or Ethernet control model - ECM)
• Can also impersonate mass storage or serial devices

USB Device Attack Categories Visualized
[Figure: timeline of USB attacks from 2005 to 2018+, grouped by attack category*: Programmable Microcontrollers, Maliciously Re-programed USB Peripherals, Not Re-programed Peripherals, Electrical]
* Ben Gurion University of the Negev, 2017

USB Device Attack Categories Visualized
[Table: each attack below was check-marked against several columns; the column headings and alignment did not survive extraction]
• Rubber Ducky
• PHUKD/URFUKED
• USBdriveby
• Evilduino
• Unintended USB Channel
• TURNIPSCHOOL (COTTONMOUTH-1)
• RIT attack via USB mass storage
• Attacks on wireless USB dongles
• Default Gateway Override
• Smartphone based HID attacks
• DNS override by modified USB firmware
• Keyboard emulation by modified USB firmware
• Hidden Partition Patch
• Password protection bypass patch
• Virtual Machine Break-Out
• Boot Sector Virus
• iSeeYou
• .LNK Stuxnet/Fanny
• USB Backdoor into air-gapped hosts
• Data hiding on USB Mass Storage drive
• Autorun exploits
• Cold Boot
• Buffer Overflow
• Driver Update
• Device Firmware Upgrade (DFU)
• USB Thief
• Attacks on smartphones via the USB port
• USBee attack
• USB Killer

What We Learned
• Relying solely on the USB Device information is not good enough
• What the USB device reports is not definitive!!! What matters is how the OS treats the device
  - OS decision process is complex, taking into account many factors
  - The driver the OS chooses may be “OS Standard” or “Vendor Specific”… makes all the difference

The State of USB Security: The Myths of USB Security

Common Myth “Locked USB Ports”
Myth: “We lock down USB ports. This prevents all USB based attacks and USB borne malware.”
Reality:
• Many advanced USB and human interface device (HID) attacks such as BadUSB, Rubber Ducky and Bash Bunny are designed to circumvent these security measures by disguising as an approved device at the firmware level.
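
Added example, not part of the Honeywell deck: one way to act on the "What We Learned" point and the "Locked USB Ports" reality on a Linux host is to compare each device's inventory entry with the interface classes it exposes and the driver the kernel actually bound. The inventory, the VID:PID values, the vendor_drv driver name and the sample tree are constructed for illustration; the attribute names are the ones Linux exposes under /sys/bus/usb/devices.

```python
import os
import tempfile

# Class drivers a stock Linux kernel binds for each declared interface class.
STANDARD_DRIVERS = {"03": {"usbhid"}, "08": {"usb-storage", "uas"}, "09": {"hub"}}

# Constructed inventory: VID:PID -> interface classes that model should expose.
INVENTORY = {
    "1111:0001": {"03"},  # approved keyboard (constructed ID)
    "2222:0002": {"08"},  # approved flash drive (constructed ID)
}


def _read(path, name):
    """Read one sysfs attribute; a missing file yields an empty string."""
    try:
        with open(os.path.join(path, name)) as fh:
            return fh.read().strip().lower()
    except OSError:
        return ""


def _driver(iface_path):
    """Name of the driver the OS bound to this interface, or None."""
    link = os.path.join(iface_path, "driver")
    return os.path.basename(os.readlink(link)) if os.path.islink(link) else None


def audit(root, inventory=INVENTORY):
    """Return (device, finding) tuples for a sysfs-style USB device tree."""
    findings = []
    names = sorted(os.listdir(root))
    for dev in (n for n in names if ":" not in n):
        dev_path = os.path.join(root, dev)
        vid, pid = _read(dev_path, "idVendor"), _read(dev_path, "idProduct")
        if not vid or not pid:
            continue  # not a USB device directory
        vid_pid = f"{vid}:{pid}"
        expected = inventory.get(vid_pid)
        if expected is None:
            findings.append((dev, f"{vid_pid} not in inventory"))
        # Interface directories are named <device>:<config>.<interface>.
        for iface in (n for n in names if n.startswith(dev + ":")):
            ipath = os.path.join(root, iface)
            cls = _read(ipath, "bInterfaceClass")
            proto = _read(ipath, "bInterfaceProtocol")
            drv = _driver(ipath)
            # What the device exposes versus what the inventory says it is.
            if expected is not None and cls not in expected:
                kind = "HID keyboard" if (cls, proto) == ("03", "01") else f"class {cls}"
                findings.append((dev, f"unexpected {kind} interface {iface} bound to {drv}"))
            # What the OS did with it: standard class driver or something else.
            if drv is not None and drv not in STANDARD_DRIVERS.get(cls, set()):
                findings.append((dev, f"{iface} class {cls} bound to non-standard driver {drv}"))
    return findings


def build_sample_tree(root):
    """Write a constructed sysfs-like tree: three devices, four interfaces."""
    devices = {"1-1": ("1111", "0001"), "1-2": ("2222", "0002"), "1-3": ("3333", "0003")}
    interfaces = {
        "1-1:1.0": ("03", "01", "usbhid"),       # keyboard, as inventoried
        "1-2:1.0": ("08", "50", "usb-storage"),  # flash drive, as inventoried
        "1-2:1.1": ("03", "01", "usbhid"),       # keyboard on the "flash drive"
        "1-3:1.0": ("ff", "00", "vendor_drv"),   # hypothetical vendor driver
    }
    for name, (vid, pid) in devices.items():
        os.makedirs(os.path.join(root, name))
        for attr, val in (("idVendor", vid), ("idProduct", pid)):
            with open(os.path.join(root, name, attr), "w") as fh:
                fh.write(val + "\n")
    for name, (cls, proto, drv) in interfaces.items():
        os.makedirs(os.path.join(root, name))
        for attr, val in (("bInterfaceClass", cls), ("bInterfaceProtocol", proto)):
            with open(os.path.join(root, name, attr), "w") as fh:
                fh.write(val + "\n")
        # sysfs exposes the bound driver as a symlink named "driver".
        os.symlink(os.path.join("..", "drivers", drv), os.path.join(root, name, "driver"))


def demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit(root)


if __name__ == "__main__":
    for dev, finding in demo():
        print(dev, "-", finding)
```

On a real host, audit("/sys/bus/usb/devices") runs the same checks; root hubs and any other legitimate devices need inventory entries first or they are reported as unknown.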

Common Myth “My AV Will Protect Us”
Myth: “We have traditional Anti-Virus (AV) installed onsite. This will catch all inbound malware from USB drives.”
Reality:
• AV is not a be all end all solution to preventing malware brought in from removable media such as USB drives.
• AV also requires the USB to be inserted on the workstation before it can be scanned. This can be problematic.

Common Myth “I Have AWL, This Will Protect Me From all Inbound Threats”
Myth: “I have Application Whitelisting (AWL), this will keep me safe from all inbound malware”
Reality:
• AWL cannot stop “all inbound malware”, typically AWL will not prevent script/macro attacks embedded in authorized application files. Make sure your USB solution can do this.

The State of USB Security: What Can We Do About It?

Apply What You Have Learned Today
• Next week you should:
  - Assess existing USB defensive measures, considering all 3 attack types
• In the next three months you should:
  - Complete an inventory of USB devices currently in use
  - Assess your supply chain: what USB devices are you using?
• Within six months you should:
  - Adjust USB and removable media policies to account for your findings.
  - Consider technical controls to enforce these policies

Establish and follow good (USB) security basics
1. Enforce Technical Controls
2. Monitor and Manage Network Traffic
3. Consider all USB attack types
4. Patch and Harden End Nodes
5. Secure the USB device supply chain
6. Deploy (and test!) Backup and Recovery

SMX ST
• TRUST (Trusted Response User Substantiation Technology)
• Award winning
• Portable design
• Enterprise management capability
• Enforces USB device authorization

Why Customers Choose HON for Industrial Cyber Security
End-To-End Solutions
• Trusted partner for industrial cyber security
• Complete portfolio of industry proven cyber security products, services & solutions
• Operational Technology (OT) domain expertise
• Vendor neutral solutions for site or enterprise deployments
• Global capabilities and local presence
Industry Proven Products, Services & Solutions:
• Professional Security Consulting Services
• Managed Security Services
• Cyber Security Software
• 3rd Party Integrated Security Products

Thank you!
To learn more, visit: http://becybersecure.com
And never trust doppelgangers …