RSAC Scholar: Jennifer Burns
Fellow Team Members: Matthew Bajzek, Tor Langehaug
Abstract - Is My Charger Hacking Me?

Modern smartphones rely on USB for charging, but the capabilities of this protocol extend well beyond the delivery of power and offer a wide range of functionality. Since USB provides for communication and charging over the same physical interface, the USB port on a smartphone is a direct gateway into the device.

There has been a wealth of research done in the realm of hacking personal devices via USB charger. Some of this research focuses on specific vulnerabilities that may be exploited on particular mobile devices, while other research targets devices of users that choose to plug their devices into untrustworthy charging kiosks. In our project we built upon these research areas by determining the current state of protections against USB attacks on Android devices and developing an innocuous home USB charger that has the ability to install a malicious application on a victim device. In essence, our research is motivated by the question “Should you trust the device that charges your mobile phone?”

We hypothesized that vulnerabilities exist which make it possible to, with a combination of hardware and software, steal user data from an Android device by way of its USB port. Given the existence of these vulnerabilities, we further hypothesized that an attacker can package this exploit in a malicious phone charger largely indistinguishable from a trustworthy charger and therefore very likely to mislead the attack’s victims. We tested our hypothesis by developing prototype hardware and software to exploit potential vulnerabilities on Android. We therefore kept the following questions in mind while progressing through our project:

• What types of protections are currently in place to prevent USB-based attacks?
• Do previously documented USB-based attacks still work, and if not, can we adapt them to current devices?
• What are the results of launching our attack(s) on various Android devices?
• Is it possible to package our attack(s) so that users will not question using our device?
Is My Charger Hacking Me?
Jennifer Burns
Carnegie Mellon University

Problem Statement and Goals

Hypothesis
A combination of vulnerabilities exists which makes it possible to steal data from Android devices over USB.

Goals
• Design attacks that evade current Android protection mechanisms.
• Package attacks within innocuous form factor of a personal USB charging device so users implicitly trust the device.

Approach

Embed microcontroller in modified USB wall charger to carry out our attacks. Exploit lack of authentication of human interface devices by emulating keyboard over modified USB On-The-Go cable.

Attack Method
• Use shortcut keys to access settings
• Enable applications from third-party markets
• Download malicious application
• Accept permissions without user interaction
• Steal device’s contacts and send to attacker-owned remote server via application

Results
We developed a prototype that takes advantage of the lack of authentication of human interface devices (HIDs) by Android devices and users’ implicit trust in personal charging devices to steal data via USB.
Potential Defenses
• Implement authentication for HIDs – difficult as past and present HIDs unable to provide unspoofable means for authentication
• Consider wireless charging methods
• Only buy USB chargers and cables from trustworthy vendors
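
A host-side check related to the HID concern above, as an added example that is not the project's code: it walks a USB configuration descriptor, as seen by the phone acting as host over an On-The-Go cable, and flags any interface declaring the HID class with the keyboard protocol, which a device meant only for charging has no reason to present. The descriptor bytes, function names and the allow/review/block policy are constructed for illustration; class codes are self-declared by the device, so this is a policy signal and not authentication.

```python
import struct

# Descriptor type codes (USB 2.0 spec) and HID class codes (USB HID spec).
DT_CONFIG, DT_INTERFACE = 0x02, 0x04
CLASS_HID, SUBCLASS_BOOT = 0x03, 0x01
PROTOCOLS = {0x00: "none", 0x01: "keyboard", 0x02: "mouse"}

# Constructed samples: a boot keyboard (config + interface + HID + endpoint)
# and a device exposing a single vendor-specific interface.
KEYBOARD_CONFIG = bytes.fromhex(
    "09022200010100a032" "090400000103010100"
    "092111010001223f00" "0705810308000a")
VENDOR_CONFIG = bytes.fromhex("090212000101008032" "0904000000ff000000")


def hid_interfaces(config: bytes):
    """Return every HID interface found in a configuration descriptor blob."""
    if len(config) < 9 or config[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config, 2)[0]  # wTotalLength
    if total > len(config):
        raise ValueError("truncated descriptor")
    found, off = [], 0
    while off + 2 <= total:
        length, dtype = config[off], config[off + 1]
        # A zero or overlong bLength would loop forever or read past the end.
        if length < 2 or off + length > total:
            raise ValueError(f"malformed descriptor at offset {off}")
        if dtype == DT_INTERFACE and length >= 9:
            number, _alt, _neps, cls, sub, proto = config[off + 2:off + 8]
            if cls == CLASS_HID:
                found.append({"interface": number,
                              "boot": sub == SUBCLASS_BOOT,
                              "protocol": PROTOCOLS.get(proto, "other")})
        off += length
    return found


def charger_port_verdict(config: bytes) -> str:
    """Policy for a charge-only port: refuse keyboards, review other HIDs."""
    hids = hid_interfaces(config)
    if any(h["protocol"] == "keyboard" for h in hids):
        return "block"
    return "review" if hids else "allow"
```
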
Future Work
Create different charger form factors and attack behaviors to increase the stealthiness of our prototype and attack.
Acknowledgements - Fellow team members Matthew Bajzek and Tor Langehaug; Dr. Patrick Tague; Thomas J. Bajzek, P.E.