Universal Serial aBUSe - Remote Physical Access Attacks

Explore novel USB-level attacks providing remote command and control of air-gapped machines with minimal forensic footprint in this 40-minute conference talk from the 44CON Information Security Conference. Delve into the creation of malicious USB devices using low-cost hardware, focusing on stealthy bi-directional communication channels between host and device. Learn about remote connectivity via 3G/Wi-Fi/Bluetooth, offloading complexity to hardware, and leaving only a small stub on the host. Discover improvements over existing work, including bypassing network controls and minimizing forensic trails. Gain insights into demonstrating physical bypass risks of software security without an extensive budget, and understand the importance of building defenses in this area.