BADUSB-C: Revisiting BadUSB with Type-C

The security of the Universal Serial Bus (USB) protocol has been paid extensive attention to because of its wide usage. Due to the trust-by-default characteristics, USB security has caused severe problems. For example, a well-known firmware attack, BadUSB, performs malicious operations on the victim hosts through disguising ordinary USB devices as human interface devices like keyboards and mice. However, BadUSB suffers from several limitations. Attackers cannot obtain the status of User Interface (UI) to conduct precise attacks and get the visual feedback of their attacks. In this work, we extended BadUSB to support the new USB Type-C features and proposed a multi-mode attack model, BADUSB-C. This obtains III status to make attacks more precise and effective. To the best of our knowledge, BADUSB-C is the first attack model utilizing USB Type-C. To validate the usability and effectiveness, we conducted extensive experiments to simulate daily usage and summarized the private information collected. We also discussed the recommended countermeasures for our attack model, including isolated III rendering, which may be inspiring for future research on defense methods.