If you’ve never thought USB devices could become even less trustworthy, then this is the talk for you. We already know USB devices might try to automatically run code when connected, or act like a hyperactive keyboard and mouse, or attempt to physically destroy the host, or masquerade as an innocent charging/data cable. But it can, actually, get worse. Say hello to the Loki Drive, a USB drive with just a little too much chaotic energy. I’ll demonstrate how a USB mass storage device can change the storage it presents to the host computer based on a set of user-defined conditions. On the offensive side this can be used to circumvent USB scanning procedures and on the defensive side this can be used to store private files that will be undetectable without time-consuming analysis. Attendees will learn the steps I took to build the POC, see what it can do, and discover, anew, just how much they fear USB devices.
I’m a blue-team lead professionally. I delight in thinking of ways to defeat my own processes and then admitting these flaws publicly. I spoke at DEF CON 24 about using copiers to load code on closed networks, at the Lockpick Village at DEF CON 26 about exploiting human laziness on multi-dial combination locks, and at BSidesLV 2018 on quantitative risk analysis. Lastly, I’m the only person I’ve ever met that’s literally been bitten by an otter. You think they are cuddly and cute; I think they are underestimated aquatic apex predators.