Attacking Encrypted USB Keys the Hard(ware) Way

Presented at Black Hat USA 2017, July 27, 2017, 12:10 p.m. (50 minutes)

Ever wondered if your new shiny AES hardware-encrypted USB device really encrypts your data - or is just a fluke? If you have, come to our talk to find out if those products live up to the hype and hear about the results of the audit we conducted on multiples USB keys and hard drives that claim to securely encrypt data.

In this talk, we will present our methodology to assess "secure" USB devices both from the software and the hardware perspectives. We will demonstrate how this methodology works in practice via a set of case-studies. We will demonstrate some of the practical attacks we found during our audit so you will learn what type of vulnerability to look for and how to exploit them. Armed with this knowledge and our tools, you will be able to evaluate the security of the USB device of your choice.


Presenters:

  • Jean-Michel Picod - Reverse engineer, Google
    Jean-Michel Picod is currently working at Google Switzerland. He holds an engineering degree in computer systems, networks and security. He has contributed on several open source projects (GoodFET, pynids, etc.) and published several open source tools such as DPAPIck, OWADE, scapy-radio, forensic scripts, etc.
  • Rémi Audebert - Reverse engineer, Google
    Rémi Audebert works at Google in the anti-abuse team where he solves all kinds of problems, sometimes with the help of FPGAs. His goal is to understand malware to better defend and protect the users. In his free time he used to build robots for the european robotics contest and he now organizes the French computer science contest: Prologin.
  • Elie Bursztein - anti-fraud research lead, Google
    Elie Bursztein leads Google's anti-abuse research, which helps protect users against Internet threats. Elie has contributed to applied-cryptography, machine learning for security, malware understanding, and web security; authoring over fifty research papers in the field. Most recently, he was involved in finding the first SHA-1 collision. Elie is a beret aficionado, tweets at @elie, and performs magic tricks in his spare time. Born in Paris, he received a PhD from ENS-cachan in 2008 before working at Stanford University and ultimately joining Google in 2011. He now lives with his wife in Mountain View, California.

Links:

Similar Presentations: