A survey of the hazards of using USB as a universal charging standard as pertains to smart devices

Abstract

The Universal Serial Bus protocol was designed to be, and has become, the single standard used for interfacing with computer peripherals and electronic components. The proliferation of this protocol has resulted in USB power outlets in public places being a common sight. However, the very universality of the protocol, combined with the rapidly shrinking size of computer processors and microcontrollers, creates some rather severe security vulnerabilities.

Plugging a USB smart device into a compromised port, even one purported to be solely a power delivery system, can allow an attacker to perform many different malicious actions, the range and severity of which depend on the length of time the device remains attached, the specific type of device in question, and the resources of the attacker. This thesis presents a survey of the types of attacks possible against some of the most common and popular devices, a comparison of these devices from the standpoint of defense against these types of attacks, and possible mitigation strategies.