Enumeration of USB device descriptors to identify vulnerable installers
Master thesis
Permanent lenke
https://hdl.handle.net/11250/3020368Utgivelsesdato
2022Metadata
Vis full innførselSamlinger
Beskrivelse
Full text not available
Sammendrag
A tweet on a newly found vulnerability in the Razer Synapse software in 2021sparked a discussion on how Windows installs drivers. Additional vulnerabilitieswere quickly found in another application, but the findings seemed to stop there.As a result, it is possible that some vulnerabilities have gone undiscovered, and it istime that one takes a second look at how drivers in Windows are installed and thepossible vulnerabilities that are introduced.In this thesis, the installation chain of USB drivers is investigated in terms ofvulnerabilities, specifically those introduced by third parties. For example,companies can provide their drivers and software that will automatically launchupon insertion of a USB device. Furthermore, they might introduce an attackvector to gain additional privileges in doing so.The enumeration framework is developed together with Netsecurity and will beused to find vulnerabilities in third-party installers. This framework will be run intheir data centre, and findings will be reported to the vendors as soon as they areverified.In order to find vulnerabilities, an enumeration framework has been designed andbuilt. This framework splits the installation process into two sections, where thefirst section is automated and the second is manual. Automated enumeration ofUSB descriptors is done using Qemu and device emulation in software. An attackframework outlining the possible vulnerabilities will be used to process the findingsof the automated section. Furthermore, this framework has made findings in termsof vulnerable applications