Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Exploiting USB Devices with Arduino

Greg Ose
Black Hat USA 2011
Indexed on
Mar 05, 2014
File name
File size
1.9 MB

Hardware devices are continually relied upon to maintain a bridge between physical and virtual security. From access cards to OTP tokens, hardware devices receive limited review by application security professionals. They are often considered vastly more complex and difficult to assess than common web- and network-based applications. In this talk I will cover a lightweight methodology to use when approaching the assessment of USB-based hardware devices. This will include the identification of trust boundaries and threat modeling, use case analysis though protocol analysis, as well as crafting a hardware device to exploit identified vulnerabilities. Not only will this methodology be described, it will be detailed through the assessment and exploitation of a hardware-based proximity sensor. Hardware-based proximity sensors attempt to enforce desktop security and lock a user's desktop when the device has been removed from the vicinity of the computer. I will describe my experience and process for assessing a USB-based proximity sensor device and its eventual exploitation using components of the Arduino hardware architecture. I will describe the entire process not from the view of an electrical engineer, but from that of an application security professional with limited knowledge of current and voltage and a hobbyist's budget.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.


Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.


To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !