Attacking Encrypted USB Keys the Hard(ware) Way

Black Hat USA 2017

Presented by: Rémi Audebert, Elie Bursztein, Jean-Michel Picod
Date: Thursday July 27, 2017
Time: 12:10 - 13:00
Location: South Seas CDF

Ever wondered if your new shiny AES hardware-encrypted USB device really encrypts your data - or is just a fluke? If you have, come to our talk to find out if those products live up to the hype and hear about the results of the audit we conducted on multiples USB keys and hard drives that claim to securely encrypt data.

In this talk, we will present our methodology to assess "secure" USB devices both from the software and the hardware perspectives. We will demonstrate how this methodology works in practice via a set of case-studies. We will demonstrate some of the practical attacks we found during our audit so you will learn what type of vulnerability to look for and how to exploit them. Armed with this knowledge and our tools, you will be able to evaluate the security of the USB device of your choice.

Jean-Michel Picod

Jean-Michel Picod is currently working at Google Switzerland. He holds an engineering degree in computer systems, networks and security. He has contributed on several open source projects (GoodFET, pynids, etc.) and published several open source tools such as DPAPIck, OWADE, scapy-radio, forensic scripts, etc.

Rémi Audebert

Rémi Audebert works at Google in the anti-abuse team where he solves all kinds of problems, sometimes with the help of FPGAs. His goal is to understand malware to better defend and protect the users. In his free time he used to build robots for the european robotics contest and he now organizes the French computer science contest: Prologin.

Elie Bursztein

Elie Bursztein leads Google's anti-abuse research, which invents ways to protect users against cyber-criminal activities and Internet threats. Elie helped redesign Google's CAPTCHA to make it easier, and made Chrome on Android safer and faster by implementing better cryptography. Recently he got the best paper award for his research on Secret Questions at WWW 2015 and malicious Ads injectors at S&P; 2015\. He also received the IETF Applied Networking Prize for his work on email security. Elie was born in Paris, France, wears berets, and now lives with his wife in Mountain View, California.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats