Authors: Damola O. Lawal, David W. Gresty, Diane E. Gan, Louise Hewitt

Abstract:

This paper investigates the feasibility of using a programmable USB such as the O.MG Cable to perform a file tampering attack. Here, the O.MG Cable, an apparently harmless mobile device charger is used in an unauthorised way, to alter the content of a file (an accounts record-January_Contributions.xlsx). The aim is to determine if a forensics analyst can reliably determine who has altered the target file; the O.MG Cable or the user of the machine. This work highlights some of the traces of the O.MG Cable left behind on the target computer itself such as the Product ID (PID) and Vendor ID (ID). Also discussed is the O.MG Cable’s behaviour during the experiments. We determine if a forensics analyst could identify if any evidence has been left behind by the programmable device on the target file once it has been removed from the computer to establish if the analyst would be able to link the traces left by the O.MG Cable to the file tampering. It was discovered that the forensic analyst might mistake the actions of the O.MG Cable for the computer users. Experiments carried out in this work could further the discussion as to whether an innocent user could be punished for the unauthorised changes made by a programmable device.

Keywords: O.MG Cable, programmable USB, file tampering attack, digital evidence credibility, miscarriage of justice, cyber fraud.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 544

References:

[1] Kumar, Y., 2020. Juice Jacking-The USB Charger Scam. Available at SSRN 3580209.
[2] Grobler, C.P., Louwrens, C.P. and von Solms, S.H., (2010). 2010. A multi-component view of digital forensics. In 2010 International Conference on Availability, Reliability and Security (pp. 647-652). IEEE
[3] Dean, P.C., Dean, P.M. and Dean, J.L., 2016. Identity theft: What you don’t know could hurt you. International Journal of Business and Social Science, 7(8), pp.1-4.
[4] Loe, E.L., Hsiao, H.C., Kim, T.H.J., Lee, S.C. and Cheng, S.M., 2016, December. SandUSB: An installation-free sandbox for USB peripherals. In 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT) (pp. 621-626). IEEE.
[5] Kitchen, D., (2016). 2016. hak5darren/USB-Rubber-Ducky. (online) GitHub. Available at: https://github.com/hak5darren/USB-Rubber-Ducky (Accessed 29 Feb 2021).
[6] Lawal, D., Gresty, D., Gan, D., and Hewitt, L., 2021. Have You Been Framed and Can You Prove it? In 2021 44th International Convention on Information and Communication Technology, Information System Security (MIPRO). IEEE.
[7] Johnston, P. and Elyan, E. (2019). 2019. A review of digital video tampering: From simple editing to full synthesis. Elsevier, (online) 29. Available at: https://www.sciencedirect.com/science/article/pii/S1742287618304146 (Accessed 13 Nov. 2019).
[8] Bojovic, P.D., Basicevic, I., Pilipovic, M., Bojovic, Z. and Bojovic, M., (2019) 2019. The rising threat of hardware attacks: USB keyboard attack case study. Journal of IEEE Security & Privacy.
[9] Sanzgiri, A. and Dasgupta, D., (2016). 2016. Classification of insider threat detection techniques. In Proceedings of the 11th annual cyber and information security research conference (pp. 1-4).
[10] Sunde, N. and Dror, I.E., (2019). 2019. Cognitive and human factors in digital forensics: Problems, challenges, and the way forward. Digital Investigation, 29, pp.101-108.
[11] Wigmore, I., 2019. What is a UID (Unique Identifier)?. (online) IoT Agenda. Available at: https://internetofthingsagenda.techtarget.com/definition/unique-identifier-UID (Accessed 12 October 2021).