Exploiting Vendor-Defined Messages in the USB Power Delivery Protocol
- 223 Downloads
The USB Power Delivery protocol enables USB-connected devices to negotiate power delivery and exchange data over a single connection such as a USB Type-C cable. The protocol incorporates standard commands; however, it also enables vendors to add non-standard commands called vendor-defined messages. These messages are similar to the vendor-specific commands in the SCSI protocol, which enable vendors to specify undocumented commands to implement functionality that meets their needs. Such commands can be employed to enable firmware updates, memory dumps and even backdoors.
This chapter analyzes vendor-defined message support in devices that employ the USB Power Delivery protocol, the ultimate goal being to identify messages that could be leveraged in digital forensic investigations to acquire data stored in the devices.
KeywordsUSB Power Delivery protocol vendor-specified messages exploitation
Unable to display preview. Download preview PDF.
- 1.G. Alendal, G. Dyrkolbotn and S. Axelsson, Forensic acquisition – Analysis and circumvention of Samsung secure boot enforced common criteria mode, Digital Investigation, vol. 24(S), pp. S60–S67, 2018Google Scholar
- 2.G. Alendal, C. Kison and modg, Got HW Crypto? On the (In)Security of a Self-Encrypting Drive Series, Cryptology ePrint Archive, Report 2015/1002 (eprint.iacr.org/2015/1002), 2015
- 3.N. Artenstein, Exploiting Android S-Boot: Getting arbitrary code exec in the Samsung bootloader (1/2), Information Security Newspaper, March 3, 2017Google Scholar
- 4.Chindi.ap (commons.wikimedia.org/wiki/User:Chindi.ap), 2019Google Scholar
- 5.H. Reydarns, V. Lauwereys, D. Haeseldonckx, P. van Willigenburg, J. Woudstra and S. De Jonge, The development of a proof of concept for a smart DC/DC power plug based on USB Power Delivery, Proceedings of the Twenty-Second Conference on the Domestic Use of Energy, 2014Google Scholar
- 6.T10 Technical Committee of the International Committee on Information Technology Standards, SCSI Operation Codes (www.t10.org/lists/op-num.htm), 2015
- 7.USB Implementers Forum, Getting a Vendor ID, Beaverton, Oregon (www.usb.org/getting-vendor-id), 2019
- 8.USB Implementers Forum, USB Power Delivery, Beaverton, Oregon (www.usb.org/document-library/usb-power-delivery), 2019