![]() ![]() ![]() Three years ago at Black Hat USA, Davis used "Frisbee," a proof-of-concept exploit, "to identify and attack flaws in Windows 7, Windows XP, Xbox 360 and Apple OS X." He said a person with a rigged USB could insert it and "do a huge amount (of damage) in a few seconds." But major security vendors said they couldn't provide USB security, leading Davis "to joke that the only truly foolproof way to protect computers from the threats posed by compromised USBs is to 'fill the USB sockets with epoxy resin'."īut now vendors may take the potential impact from USB attacks a lot more seriously they may change their tune about bugs introduced via rogue USB devices after Black Hat Asia in Singapore where Davis presented "USB Attacks Need Physical Access Right? Not Any More."ĭue to recent advances in a number of remoting technologies, USB attacks can now be launched over a network. NCC Group Research Director Andy Davis likes to test USB host security over the years, Davis has "identified over 100 bugs covering all the major operating systems." He said most vendors typically respond with "Thank you for the bug, but as you need physical access to plug in your rogue device, the impact is actually quite low." Yet Davis continued researching USB security, giving presentations such as "Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions" at Black Hat USA 2013. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |