Implementing USB Attacks with Microcontrollers

Abstract

The USB specification has become one of the most prominent standards for interconnection between devices and peripherals. Its main objective is to provide ease of use and increase compatibility by implementing standard specifications. USB peripherals are selfconfiguring and are considered Plug and Play (PnP) devices. This simplifies their usage by minimizing the interaction required for their configuration. But host devices must provide a minimum level of trust, which can be exploited by malicious devices. By exploiting this trust, an attacker may masquerade as a trusted USB device such as a keyboard, a flash storage, or an ethernet adapter. Implementing these attacks can be easily achieved by using commercially available tools or a combination of open-source software and low cost components. In this article we will discuss different types of USB attacks and explore how tools capable of automating such attacks can be implemented by using a low-cost reprogrammable microcontroller. Key Terms ⎯ Bash Bunny, Human Interface Device (HID) Attacks, Penetration Testing Tools, Raspberry Pi, Universal Serial Bus (USB) Attacks.