USB attack technology

Sep 03, 2022

Since the birth of USB, attacks using USB have never stopped. In recent years, this type of attack has shown explosive growth. Compared with previous attack methods, USB attack technologies are diverse and pose a huge threat.

Ferry attack

The earliest USB attack is the USB ferry attack, that is, the USB device is used as the attack carrier to carry out software attacks by implanting viruses and Trojans into the USB device. When the USB device is inserted into the host, the malicious software can be run directly through the AutoRun command, which endangers the security of the operating system. In order to solve this problem, Microsoft introduced a complex and effective file access mechanism in Windows 7, and restricted the AutoRun command of U disk and other media. The most typical example of the USB ferry attack is the "shock net" virus. The U-disk carrying the virus uses the AutoRun mechanism and the opportunity to plug into the intranet computer to intrude into the control network of Iran's nuclear facilities and gradually infiltrate into industrial control equipment. It is called the most complex network weapon in history.

Interface attack

The USB interface attack technology uses the characteristics of the interface class provided in the USB protocol to camouflage and cheat, so as to bypass the device detection mechanism to complete the attack. Hid interface class is a class widely used in USB interface attacks. This kind of attack uses the enumeration process when the USB device communicates with the host to enumerate the USB device into a composite device (such as an HID keyboard and a custom hid device). Due to the "high reliability" of the computer to hid human-machine interface equipment, the computer will not give any warning during the whole process.