{"title":"USB Device Drivers: A Stepping Stone into Your Kernel","authors":"M. Jodeit, Martin Johns","doi":"10.1109/EC2ND.2010.16","DOIUrl":null,"url":null,"abstract":"The widely–used Universal Serial Bus (USB) exposes a physical attack vector which has received comparatively little attention in the past. While most research on device driver vulnerabilities concentrated on wireless protocols, we show that USB device drivers provide the same potential for vulnerabilities but offer a larger attack surface resulting from the universal nature of the USB protocol. To demonstrate the effectiveness of fuzzing USB device drivers, we present our prototypical implementation of a mutation–based, man-in-the-middle USB fuzzing framework based on an emulated environment. We practically applied our framework to fuzz the communication between an Apple iPod device and a WindowsXP system. This way, we found several potential vulnerabilities. This supports our claim that the USB architecture exposes real attack vectors and should be considered when assessing the physical security of computer systems in the future.","PeriodicalId":375908,"journal":{"name":"2010 European Conference on Computer Network Defense","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2010-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"28","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 European Conference on Computer Network Defense","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EC2ND.2010.16","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 28
Abstract
The widely–used Universal Serial Bus (USB) exposes a physical attack vector which has received comparatively little attention in the past. While most research on device driver vulnerabilities concentrated on wireless protocols, we show that USB device drivers provide the same potential for vulnerabilities but offer a larger attack surface resulting from the universal nature of the USB protocol. To demonstrate the effectiveness of fuzzing USB device drivers, we present our prototypical implementation of a mutation–based, man-in-the-middle USB fuzzing framework based on an emulated environment. We practically applied our framework to fuzz the communication between an Apple iPod device and a WindowsXP system. This way, we found several potential vulnerabilities. This supports our claim that the USB architecture exposes real attack vectors and should be considered when assessing the physical security of computer systems in the future.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
