Speaker(s): Brandon Wilson
The BadUSB concept highlighted to the world the idea that low-cost, commercial USB flash drives contain modifiable firmware that allow them to be far more powerful and useful than just storage devices. Proof-of-concept code was released for a very specific hardware controller to show that modification was easy, perhaps too easy, and had a wide variety of uses, from an attack vector to a data exfiltration platform.
Today, four years later, there does not appear to be much progress. There have been no further public releases of software for the aforementioned hardware controller, nor any attempt to port similar code to other types of flash drives. There has been no significant attempt to phase out controllers with easily modifiable firmware. If the hardware manufacturers have no interest in changing this situation, then we must make the best of it by exploring these devices to their full potential on our own. These flash drives contain a processor, memory, and I/O, making them capable of making decisions and interacting with the world just like any other embedded device, and they deserve to have a framework so that regular users can take advantage of them, instead of just the bad actors in the world that already can and do.
In this talk, I will discuss the technical details of how we got to where we are, the current state of reverse engineering USB flash drive firmware and its security implications, and hopefully a vision of a bright future. New tools, code, and documentation will be publicly released to advance the state of reverse engineering USB flash drive firmware, and hopefully encourage others to build upon and improve it for the benefit of everyone.
Brandon Wilson is a U.S. software developer and application security consultant with over ten years of professional experience, and hacker of random things like game consoles and TI graphing calculators. An avid tinkerer of anything USB-related, he has spoken at DerbyCon and numerous local conferences on this and other subjects, and appeared in the Wall Street Journal and several other publications. He also collects DMCA takedown notices for fun.