USB Drive Sanitization for Samuri, Keyboard Cowboys, and cattle too...
Hushcon East 2015
Joe FitzPatrick -- @securelyfitz
whoami
Electrical Engineering + CS and Infosec
10 years of fun with hardware
silicon debug
pen testing of CPUs
security training
Software Exploitation via Hardware Exploits
Secure Hardware Development class and workshop
Hands-on Physical Attacks on x86 Systems
We need a way to test and disinfect USB flash drives
USB Sanitizer:
Cheap
Small
Hand-solderable
Small software stack
MAX 3421E
ARM M0 or PIC32
FTDI Vinculum 2
Is it a singe-function device?
Is it a flash drive?
Is it a MSC?
If so, then WIPE!
Multi-faceted positive impact from implementing USB Sanitizer in a homogenous cross-organizational effort
Affordable threat protection for less than 8 figures for moderatly sized organizations
Crappy Code
Harvard architecture, but flash is reprogrammable...
Weak against targeted attacks
No open toolchain
no way to verify firmware
indescernabe from a write blocker