Multiplexed Wired Attack Surfaces

Presented at ToorCon San Diego 15 (2013), Oct. 19, 2013, 5 p.m. (50 minutes)

Manufacturers of mobile devices often multiplex several wired interfaces onto a single connector. Some of these interfaces, probably intended for test and development, are still enabled when the devices ship. We'll show you how you can get a shell on a popular mobile phone via its USB port without using a USB connection and we will release an open source tool for exploring multiplexed wired interfaces.

Presenters:

• Kyle Osborn / Kos   as Kos
  Kyle Osborn is the lead security engineer at an electric car manufacturer in Silicon Valley where he manages web application, network, and product security. He plays a bad guy at the Western Regional Collegiate Cyber Defense Competition, and has developed a CTF, with his team, for the United States Cyber Challenge "Cyber Camps", which a number of campers competed in. Osborn has previously discussed browser and mobile security at prominent conferences such as BlackHat USA, DefCon, Toorcon, DerbyCon, Hacker Halted, and more.
• Michael Ossmann
  Michael Ossmann is a wireless security researcher who makes hardware for hackers. He founded Great Scott Gadgets in an effort to put exciting, new tools into the hands of innovative people.

Links:

• https://infocon.org/cons/ToorCon/ToorCon 15 - 2013/Michael Ossmann & Kos - Multiplexed Wired Attack Surfaces.mp4

Similar Presentations:

• ShmooCon XI (2015) / NSA Playset: USB Tools
• Black Hat USA 2013 / Multiplexed Wired Attack Surfaces
• ToorCon San Diego TwentyOne (2019) / Hacking Even More USB with USB-Tools