Although the concept of identifying and exploiting vulnerabilities in USB drivers is not new, the approach presented here will be, as it provides the capability to test any USB platform or device (previous techniques have been either device or USB-host dependent). Although the new approach is quite simple, its effectiveness has been clearly demonstrated over the past few months by identifying vulnerabilities in USB drivers of many of the well-known operating systems in use today. The presentation will cover typical USB vulnerability classes and also discuss the implications of this type of vulnerability for Endpoint security products.
Andy has worked in the Information Security industry for 20 years, performing a range of security functions throughout his career. Prior to joining NGS Secure, Andy held the positions of Head of Security Research at KPMG, UK and Chief Research Officer at IRM Plc. Before working in the private sector he worked for ten years performing various roles in Government. Recently, Andy has been leading security research projects into technologies such as embedded systems and hardware interface technologies and developing new techniques for black-box software vulnerability discovery