Compromise through USB-based Hardware Trojan Horse device

This paper continues the discussion of the risks posed by Hardware Trojan Horse devices by detailing research efforts to build such a Hardware Trojan Horse based on unintended USB channels. Because of the ubiquitousness of the USB protocol in contemporary computer systems, the research focused on identifying, characterizing and modeling unintended USB channels. The research demonstrated that such unintended USB channels can allow the creation of two way communications with a targeted network endpoint, thus violating the integrity and confidentiality of the data residing on the network endpoint. The work was validated through the design and implementation of a Proof of Concept Hardware Trojan that uses two such unintended USB channels to successfully interact with a target network endpoint to compromise and exfiltrate data from it.