Exploiting Vendor-Defined Messages in the USB Power Delivery Protocol
Journal article, Peer reviewed
Accepted version
View/ Open
Date
2019Metadata
Show full item recordCollections
Original version
IFIP Advances in Information and Communication Technology. 2019, 569 101-118. 10.1007/978-3-030-28752-8_6Abstract
The USB Power Delivery protocol enables USB-connected devices to negotiate power delivery and exchange data over a single connection such as a USB Type-C cable. The protocol incorporates standard commands;however, it also enables vendors to add non-standard commands called
vendor-defined messages. These messages are similar to the vendorspecific commands in the SCSI protocol, which enable vendors to specify undocumented commands to implement functionality that meets their needs. Such commands can be employed to enable firmware updates, memory dumps and even backdoors. This chapter analyzes vendor-defined message support in devices that
employ the USB Power Delivery protocol, the ultimate goal being to identify messages that could be leveraged in digital forensic investigations to acquire data stored in the devices.