Andy Davis (Research Director, NCC Group)

PRESENTATION TITLE: Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions

PRESENTATION ABSTRACT:

Embedded systems are everywhere, from TVs to aircraft, printers to weapon control systems. As a security researcher when you are faced with one of these “black boxes” to test, sometime in-situ, it is difficult to know where to start. However, if there is a USB port on the device there is useful information that can be gained.

This talk is about using techniques to analyze USB stack interactions to provide information such as the OS running on the embedded device, the USB drivers installed and devices supported. The talk will also cover some of the more significant challenges faced by researchers attempting to exploit USB vulnerabilities using a Windows 8 USB bug recently discovered by the presenter (ms13-027) as an example.

The talk will also include a demo of a tool called umap that performs USB driver enumeration, OS identification and USB enumeration-based and class-specific host fuzzing. The latest version of the tool can emulate all the common USB device classes.

ABOUT ANDY DAVIS

Andy is Research Director at NCC Group. He has worked in the Information Security industry for over 20 years, performing a range of security functions throughout his career. Prior to joining NCC Group, Andy held the positions of Head of Security Research at KPMG, UK and Chief Research Officer at IRM Plc. Before working in the private sector he worked for ten years performing various roles in Government. Recently, Andy has been leading security research projects into technologies such as embedded systems and hardware interface technologies and developing new techniques for software vulnerability discovery. Andy regularly presents at conferences such as: Black Hat, CanSecWest, Infiltrate and EUSecWest.