Risks associated with USB Hardware Trojan devices used by insiders

This paper extends the discussion of the potential damage that can be done by Hardware Trojan Horse devices by examining the specific risks associated with an Insider's use of such a device to circumvent established security policies, even when these are implemented with state-of-the-art Endpoint Security Solutions. The paper argues that a specific category of Hardware Trojan Horse devices, those implemented as functional peripheral devices, is particularly dangerous when used by a malicious Insider. The research discusses a proof-of-concept Hardware Trojan Horse device, implemented as a USB Human Interface Device, that exploits unintended USB channels to exfiltrate data from a computer. The work discusses unintended USB channels, paying particular attention to the observability of the channel in operation. Various scenarios are presented to show that Hardware Trojan Horse devices implemented as peripheral devices can be used to prosecute a wide variety of attacks that are not mitigated by modern defensive techniques. The work demonstrates that a Hardware Trojan Horse device and physical access by a malicious Insider are sufficient to compromise a modern computer system. The paper argues that the study of Hardware Trojan devices must become an integral part of research on Insider Threats.
