#BHAS BlackHatEvents

WATCH YOUR PHONE
Novel USB-Based File Access Attacks Against Mobile Devices
Florian Draschbacher & Lukas Maar

About Us
We are PhD students at Graz University of Technology's Institute of Information Security.
- Florian Draschbacher (florian.draschbacher@tugraz.at)
  Research Areas: Mobile Security, Application Analysis, Hardware Aspects
- Lukas Maar (lukas.maar@tugraz.at)
  Research Areas: System Security, Kernel Security, Side-Channel Security

Introduction
- Mobile devices store sensitive user data: Pictures, Messages, Credentials
- USB connectivity is a known attack vector: Extract data, compromise device
- We present novel USB data extraction attacks for two scenarios:
  - Manipulated Chargers: Attacker needs to bypass user prompts
  - Physical Access: Attacker needs to bypass lock screen

History of USB Attacks
- Manipulated USB Devices: Exploit high-level trust model
  - Malicious Hosts: JuiceJacking (2011), mitigated with user prompts
  - Malicious Peripherals: BadUSB (2014-), JuiceFilming (2016-), Ghosttalk (2022-)
- Physical Access: Exploit individual low-level flaws
  - Example: Checkm8 (2019), code execution through Use-After-Free in USB stack
  - Commercial forensics tools: Cellebrite UFED (2008-), MSAB XRY (2009-), Magnet GrayKey (2017-)

Background: USB on Mobile
- Mobile devices use multi-function USB-C ports
  - Power: Charge phone or supply peripherals
  - USB: Data exchange with PC or peripherals
  - USB Power Delivery: Negotiation of power and data roles
- Still: A USB port either acts as USB host or USB device at a given time
Image: Kyu3 / CC BY-SA 4.0 / wikimedia

Background: USB File Access on Mobile
- User prompts mitigate malicious chargers that extract files (“JuiceJacki