USB Drive Sanitization for Samuri, Keyboard Cowboys, and cattle too... Hushcon East 2015 Joe FitzPatrick -- @securelyfitz
whoami

  • Electrical Engineering + CS and Infosec
  • 10 years of fun with hardware
  • silicon debug
  • pen testing of CPUs
  • security training
  • Software Exploitation via Hardware Exploits
  • Secure Hardware Development class and workshop
  • Hands-on Physical Attacks on x86 Systems
    • We need a way to test and disinfect USB flash drives
    USB Sanitizer:
  • Cheap
  • Small
  • Hand-solderable
  • Small software stack
    • MAX 3421E
    ARM M0 or PIC32
    FTDI Vinculum 2
    Is it a singe-function device?
    Is it a flash drive?
    Is it a MSC?
    If so, then WIPE!
    Multi-faceted positive impact from implementing USB Sanitizer in a homogenous cross-organizational effort Affordable threat protection for less than 8 figures for moderatly sized organizations
    Crappy Code
    Harvard architecture, but flash is reprogrammable...
    Weak against targeted attacks
    No open toolchain
    no way to verify firmware
    indescernabe from a write blocker
    Questions?