Malicious USB Devices:Is that an attack vector in your pocket or are you just happy to see me?

ShmooCon VII - 2011

Presented by: Adrian Crenshaw
Date: Sunday January 30, 2011
Time: 11:00 - 12:00
Location: Break It room
Track: Break It!

While a fair amount of research has gone into blocking malicious software (viruses, worms, trojans, spyware, etc.), comparatively less time has gone into researching malicious hardware devices. There are many examples of malicious hardware, to name just a few: backdoored routers, surreptitiously installed hosts that act as pivots on a network, PS/2 key loggers, etc. The topic of malicious hardware can be pretty broad, so we are concentrating this talk specifically on malicious USB devices. USB devices are of special interest as they often require less user interaction to install on a system than other types of hardware peripheral (PCI cards for example) meaning less attention may be paid to what tasks they are doing under the user’s nose. While modern Operating Systems have ways to help mitigate the threats, little seems to be done by current security systems to thwart malicious USB devices. The purpose of this talk is to inform the viewer about different classes of malicious USB devices, what can be done to protect systems from such hardware, make recommendations as to best practices to secure environments, and to increase awareness of malicious USB devices in general.

Adrian Crenshaw

Adrian Crenshaw has worked in the IT industry for the last thirteen years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats