Mouse Trap: Exploiting Firmware Updates in USB Peripherals

Jacob Maskiewicz, Benjamin Ellis, James Mouradian, and Hovav Shacham.

In Proceedings of WOOT 2014. USENIX, Aug. 2014.

Abstract

Although many users are aware of the threats that malware poses, users are unaware that malware can infect peripheral devices. Many embedded devices support firmware update capabilities, yet they do not authenticate such updates; this allows adversaries to infect peripherals with malicious firmware. We present a case study of the Logitech G600 mouse, demonstrating attacks on networked systems which are also feasible against air-gapped systems.

If the target machine is air-gapped, we show that the Logitech G600 has enough space available to host an entire malware package inside its firmware. We also wrote a file transfer utility that transfers the malware from the mouse to the target machine. If the target is networked, the mouse can be used as a persistent threat that updates and reinstalls malware as desired.

To mitigate these attacks, we implemented signature verification code, which is essential to preventing malicious firmware from being installed on the mouse. We demonstrate that it is reasonable to include such signature verification code in the bootloader of the mouse.

Reference

@InProceedings{MEMS14,
  author       = {Jake Maskiewicz and Benjamin Ellis and James Mouradian and Hovav Shacham},
  title        = {Mouse Trap: Exploiting Firmware Updates in {USB} Peripherals},
  booktitle    = {Proceedings of WOOT 2014},
  year         = 2014,
  editor       = {Sergey Bratus and Felix Lindner},
  month        = aug,
  organization = {USENIX}
}
