Wen-yu TANG,Yi-jun WANG,Zhi XUE

DOI: https://doi.org/10.3969/j.issn.1002-0802.2017.01.025

2017-01-01

Abstract:In recent years, the attack of malicious USB device in various scenarious becomes increasingly rampant, and brings big challenges to the infosec protection. The principles of malicious USB attack are studied, and the reality scenes also restored. This paper firstly discusses the limitation in storage capacity of the device, tells of the device storage capacity and the expansion of storage by modify USB firmware and using SD card. In order to study the severity of such malicious USB device attacks, the attack implementations under network isolation and high-protection environments are explored. Then anti-forensics capacity of the device is analyzed. And finally the defense measure against malicious USB device at the present stage are proposed.

Chun-Yi Wang,Fu-Hau Hsu

2024-09-19

Abstract:USB-based attacks have increased in complexity in recent years. Modern attacks incorporate a wide range of attack vectors, from social engineering to signal injection. The security community is addressing these challenges using a growing set of fragmented defenses. Regardless of the vector of a USB-based attack, the most important risks concerning most people and enterprises are service crashes and data loss. The host OS manages USB peripherals, and malicious USB peripherals, such as those infected with BadUSB, can crash a service or steal data from the OS. Although USB firewalls have been proposed to thwart malicious USB peripherals, such as USBFilter and USBGuard, they cannot prevent real-world intrusions. This paper focuses on building a security framework called USBIPS within OSs to defend against malicious USB peripherals. This includes major efforts to explore the nature of malicious behavior and build persistent protection from USB-based intrusions. We first present a behavior-based detection mechanism focusing on attacks integrated into USB peripherals. We then introduce the novel idea of an allowlisting-based method for USB access control. We finally develop endpoint detection and response system to build the first generic security framework that thwarts USB-based intrusion. Within a centralized threat analysis framework, it provides persistent protection and may detect unknown malicious behavior. By addressing key security and performance challenges, these efforts help modern OSs against attacks from untrusted USB peripherals.

Cryptography and Security

Yekaterina Zuyeva,Anna Pyrkova,Abdizhapar Saparbayev,Aiymzhan Makulova,Gulzinat Ordabayeva

DOI: https://doi.org/10.15587/1729-4061.2022.269031

2022-12-30

Eastern-European Journal of Enterprise Technologies

Abstract:This paper reports the results of experiments and studies involving different types of devices that can implement a BadUSB scenario, for example, BadUSB, Rubber Ducky, which, when connected to a computer, impersonate a device with a Human Interface Device, emulating other devices such as a keyboard and mouse. Given the problem of the lack of management tools for detecting preliminary modifications of USB devices against attacks based on the seizure of computer control, a software and hardware system is proposed as an object of study. It is implemented programmatically in the Arduino IDE environment, and physically it is made on the Arduino Mega board with Shield, which reads the parameters of the devices. It monitors the startup of USB devices and checks each device for pre-retrofitting by passing HID descriptors from the connected hardware. Having parsed the data using Python, the data are represented in the appropriate form for analysis, on the basis of which a decision is made by the system on the possible preliminary modification of the USB drive from which these data came. This is due to the detailed consideration and thorough analysis of data, data types, temporal characteristics of data transmitted along different channels. The technical characteristics and functionality of USB devices were investigated; the parameters transmitted at the moment when they are supplied with power were determined. The system can draw a conclusion based on the analysis according to its algorithm and block a suspicious USB device that has been connected and that can intercept control over the computer. The results of the study could be used in the field of protection of information systems from attacks based on the seizure of control from external media. The designed solution increases the level of security of the system, making it possible to recognize a possibly pre-modified device at the connection stage

Qinhong Jiang,Yanze Ren,Yan Long,Chen Yan,Yumai Sun,Xiaoyu Ji,Kevin Fu,Wenyuan Xu

DOI: https://doi.org/10.14722/ndss.2024.23015

2024-01-01

Abstract:Keyboards are the primary peripheral input devices for various critical computer application scenarios.This paper performs a security analysis of the keyboard sensing mechanisms and uncovers a new class of vulnerabilities that can be exploited to induce phantom keys-fake keystrokes injected into keyboards' analog circuits in a contactless way using electromagnetic interference (EMI).Besides regular keystrokes, such phantom keys also include keystrokes that human operators cannot achieve, such as rapidly injecting over 10,000 keys per minute and injecting hidden keys that do not exist on the physical keyboard.The underlying principles of phantom key injections consist in inducing false voltages on keyboard sensing GPIO pins through EMI coupled onto matrix circuits.We investigate the voltage and timing requirements of injection signals both theoretically and empirically to establish the theory of phantom key injection.To validate the threat of keyboard sensing vulnerabilities, we design GhostType that can cause denial-of-service of the keyboard and inject random keystrokes as well as certain targeted keystrokes of the adversary's choice.We have validated GhostType on 48 of 50 off-the-shelf keyboards/keypads from 20 brands, including both membrane/mechanical structures and USB/Bluetooth protocols.Some example consequences of GhostType include completely blocking keyboard operations, crashing and turning off downstream computers, and deleting computer files.Finally, we glean lessons from our investigations and propose countermeasures, including shielding keyboards with metal materials and enhancing the keystroke sensing mechanism.

Yan Jiang,Xiaoyu Ji,Kai Wang,Chen Yan,Richard Mitev,Ahmad-Reza Sadeghi,Wenyuan Xu

DOI: https://doi.org/10.1109/tdsc.2023.3326181

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The security of capacitive touchscreens is crucial since they have become the primary human-machine interface on smart devices. This paper presents Marionette , the first wired attack that creates ghost touches on capacitive touchscreens via charging cables and can manipulate the victim's devices with undesired consequences, e.g., establishing malicious Bluetooth connections. Our study provides a new threat vector against touchscreens that only requires connecting to a malicious charging port, which could be a public charging station, and is effective across various USB data blockers and power adapters. Despite the fact that smartphones employ abundant noise reduction and voltage management techniques, we manage to inject carefully crafted signals that can induce ghost touches within a chosen range. The underlying principle is to inject common-mode noises over the power line to avoid being effectively filtered yet affecting the touch measurement mechanism and synchronize the malicious noise with the screen measurement scanning cycles to place the ghost touches at target locations. We achieve three types of attacks, i.e., injection, alteration, and Denial-of-Service, and the evaluation of 12 commercial electronics, 6 power adapters, and 13 charging cables demonstrate the feasibility of Marionette .

Yiru Xu,Hao Sun,Jianzhong Liu,Yuheng Shen,Yu Jiang

DOI: https://doi.org/10.1109/sp54263.2024.00051

2024-01-01

Abstract:The Universal Serial Bus (USB) is an essential component in modern operating systems, allowing for a wide assortment of peripherals to connect conveniently to a computer. The USB stack in an operating system usually consists of the following two components: the host-side driver and the device-side gadget driver, both of which are security-critical. If any vulnerabilities in these privileged-mode drivers are exploited, a malicious or malformed device could crash the whole system. Fuzzing, a popular automated vulnerability detection technology, has been applied to testing kernel components such as drivers with varying degrees of success. However, existing works mainly focus on one side and test drivers through emulating malicious input from userspace or peripherals while neglecting intricate internal states triggered only through interaction between the two boundaries, leaving a multitude of bugs exposed.In this paper, we propose Saturn, a host-gadget synergistic USB driver fuzzing approach, aiming to cover the entire handling chain throughout the USB communication. To achieve this, Saturn first leverages extracted driver information to attach gadgets systematically and trigger more driver types, facilitating the transition to interactive logic. Then, Saturn performs a persistent synergistic fuzzing process through canonical operation injection on both sides to play their own important roles, significantly expanding the states explored and exposing bugs in such logic. Compared to the state-of-the-art USB fuzzers, such as Syzkaller, USBFuzz and FUZZUSB, Saturn improves the branch coverage statistics on the corresponding stack by 1.53×, 3.69× and 2.3×, respectively. In addition, Saturn found 26 previously unknown bugs, among which are 4 CVEs, including drivers on each side.

Yan Jiang,Xiaoyu Ji,Kai Wang,Chen Yan,Richard Mitev,Ahmad-Reza Sadeghi,Wenyuan Xu

DOI: https://doi.org/10.1109/sp46214.2022.9833740

2022-01-01

Abstract:The security of capacitive touchscreens is crucial since they have become the primary human-machine interface on smart devices. To the best of our knowledge, this paper presents WIGHT, the first wired attack that creates ghost touches on capacitive touchscreens via charging cables, and can manipulate the victim devices with undesired consequences, e.g., allowing malicious Bluetooth connections, accepting files with viruses, etc. Our study calls for attention to a new threat vector against touchscreens that only requires connecting to a malicious charging port, which could be a public charging station, and is effective across various power adapters and even USB data blockers. Despite the fact that smartphones employ abundant noise reduction and voltage management techniques, we manage to inject carefully crafted signals that can induce ghost touches within a chosen range. The underlying principle is to inject common-mode noises over the power line to avoid being effectively filtered yet affect the touch measurement mechanism, and synchronize the malicious noise with the screen measurement scanning cycles to place the ghost touches at target locations. We achieve three types of attacks: injection attacks that create ghost touches without users touching the screen, alteration attacks that change the detected legitimate touch position, and Denial-of-Service attacks that prevent the device from identifying legitimate touches. Our evaluation on 6 smartphones, 1 tablet, 2 standalone touchscreen panels, 6 power adapters, and 13 charging cables demonstrates the feasibility of all three type attacks.

Koffi Anderson Koffi,Christos Smiliotopoulos,Constantinos Kolias,Georgios Kambourakis

DOI: https://doi.org/10.3390/electronics13112117

IF: 2.9

2024-05-30

Electronics

Abstract:Nowadays, The Universal Serial Bus (USB) is one of the most adopted communication standards. However, the ubiquity of this technology has attracted the interest of attackers. This situation is alarming, considering that the USB protocol has penetrated even into critical infrastructures. Unfortunately, the majority of the contemporary security detection and prevention mechanisms against USB-specific attacks work at the application layer of the USB protocol stack and, therefore, can only provide partial protection, assuming that the host is not itself compromised. Toward this end, we propose a USB authentication system designed to identify (and possibly block) heterogeneous USB-based attacks directly from the physical layer. Empirical observations demonstrate that any extraneous/malicious activity initiated by malicious/compromised USB peripherals tends to consume additional electrical power. Driven by this observation, our proposed solution is based on the analysis of the USB power consumption patterns. Valuable power readings can easily be obtained directly by the power lines of the USB connector with low-cost, off-the-shelf equipment. Our experiments demonstrate the ability to effectively distinguish benign from malicious USB devices, as well as USB peripherals from each other, relying on the power side channel. At the core of our analysis lies an Autoencoder model that handles the feature extraction process; this process is paired with a long short-term memory (LSTM) and a convolutional neural network (CNN) model for detecting malicious peripherals. We meticulously evaluated the effectiveness of our approach and compared its effectiveness against various other shallow machine learning (ML) methods. The results indicate that the proposed scheme can identify USB devices as benign or malicious/counterfeit with a perfect F1-score.

engineering, electrical & electronic,computer science, information systems,physics, applied

Anil Kumar Chillara,Paresh Saxena,Rajib Ranjan Maiti,Manik Gupta,Raghu Kondapalli,Zhichao Zhang,Krishnakumar Kesavan

DOI: https://doi.org/10.1007/s10207-024-00834-y

2024-03-15

International Journal of Information Security

Abstract:Due to its plug-and-play functionality and wide device support, the universal serial bus (USB) protocol has become one of the most widely used protocols. However, this widespread adoption has introduced a significant security concern: the implicit trust provided to USB devices, which has created a vast array of attack vectors. Malicious USB devices exploit this trust by disguising themselves as benign peripherals and covertly implanting malicious commands into connected host devices. Existing research employs supervised learning models to identify such malicious devices, but our study reveals a weakness in these models when faced with sophisticated data poisoning attacks. We propose, design and implement a sophisticated adversarial data poisoning attack to demonstrate how these models can be manipulated to misclassify an attack device as a benign device. Our method entails generating keystroke data using a microprogrammable keystroke attack device. We develop adversarial attacker by meticulously analyzing the data distribution of data features generated via USB keyboards from benign users. The initial training data is modified by exploiting firmware-level modifications within the attack device. Upon evaluating the models, our findings reveal a significant decrease from 99 to 53% in detection accuracy when an adversarial attacker is employed. This work highlights the critical need to reevaluate the dependability of machine learning-based USB threat detection mechanisms in the face of increasingly sophisticated attack methods. The vulnerabilities demonstrated highlight the importance of developing more robust and resilient detection strategies to protect against the evolution of malicious USB devices.

computer science, information systems, theory & methods, software engineering

Ke Zhong,Zhihao Jiang,Ke Ma,Sebastian Angel

2020-01-01

Abstract:This paper introduces RBFuse, a system for interacting with USB flash drives safely in commodity OSes while bypassing the complex and bug-prone USB stack on the host. RBFuse prevents attacks in which malicious USB flash drives exploit low-level USB driver vulnerabilities to compromise the host machine. The simple idea behind RBFuse is to remap the USB stack to a virtual machine and export the flash drive's file system as a mountable virtual file system. The result of this decomposition is that the host can access all the files in the flash drive without speaking USB. This is beneficial from a security standpoint, since the VFS interface is small, has well-defined semantics, and can be formally verified. RBFuse requires no hardware modifications and introduces low overhead.

Kuang Wang

2005-01-01

Abstract:The article designs a real-time bidirectional transmission channel.And it introduces the theory of the design,selects specific chip,introduces the hardware of the channel,and brings forward the method of designing USB firmware,driver,and application.

Gilang Ryan Fernandes,Ika Mei Lina

DOI: https://doi.org/10.37339/e-komtek.v7i2.1478

2023-12-13

Jurnal E-Komtek (Elektro-Komputer-Teknik)

Abstract:Advances in technology have resulted in hacking occurring everywhere. Hacking is the act of illegally accessing data and information. It is not uncommon for many hacking cases to harm various parties due to ignorance. The results of hacking at this time are widespread, one of which is a ransomware virus that can encrypt data, a keylogger is software that can monitor keyboard activity, and a WiFi USB human interface device which is where this attack is a virtual keyboard. This research assembles the components used for Human Interface Device (HID) by utilizing ATMEGA32U4 as a virtual keyboard and ESP8266 as WiFi media. This technique is used to obtain target information and data. This research aims to make people more careful and overcome hacking. It is hoped that people will be more concerned about system and data security. Based on the research results, WiFi HID USB attacks can be dangerous for computer owners who need to be more aware of various hacker attacks because this technique can directly take target access.

Mordechai Guri,Matan Monitz,Yuval Elovici

DOI: https://doi.org/10.48550/arXiv.1608.08397

2016-08-30

Abstract:In recent years researchers have demonstrated how attackers could use USB connectors implanted with RF transmitters to exfiltrate data from secure, and even air-gapped, computers (e.g., COTTONMOUTH in the leaked NSA ANT catalog). Such methods require a hardware modification of the USB plug or device, in which a dedicated RF transmitter is embedded. In this paper we present USBee, a software that can utilize an unmodified USB device connected to a computer as a RF transmitter. We demonstrate how a software can intentionally generate controlled electromagnetic emissions from the data bus of a USB connector. We also show that the emitted RF signals can be controlled and modulated with arbitrary binary data. We implement a prototype of USBee, and discuss its design and implementation details including signal generation and modulation. We evaluate the transmitter by building a receiver and demodulator using GNU Radio. Our evaluation shows that USBee can be used for transmitting binary data to a nearby receiver at a bandwidth of 20 to 80 BPS (bytes per second).

Cryptography and Security

C. Yun

Abstract:As a hot point in recent computer technology and embedded system field,USB vastly improves the development of peripheral devices for computer and some embedded systerms with USB interface are coming forth.The paper introduces a scheme which implements USB devices.It realizes the design of usb devices based on HID protocol using USB interface on microcontroller C8051F34x.It doesn′t need specially develop device driver porgram to implement USB device using this method,so it can reduce the develop circle.The method has high practicability and reliability.

Computer Science,Engineering

Wu Yiming,Chen Zhanglong,Tu Shiliang

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.11.066

2009-01-01

Abstract:Aiming at the problem of anomaly of USB communication incurred from outside interference,this paper describes the impact on USB communication from strong electricity interference.A method of self-recovering USB communication based on API is also introduced here.The method can recover USB communication from abnormal status due to strong electricity interference automatically and makes engineer develop USB device swiftly and efficiently without knowing about the details of the USB low-level driver and protocol.

Chen Dong,Yi Xu,Ximeng Liu,Fan Zhang,Guorong He,Yuzhong Chen

DOI: https://doi.org/10.3390/s20185165

IF: 3.9

2020-01-01

Sensors

Abstract:Diverse and wide-range applications of integrated circuits (ICs) and the development of Cyber Physical System (CPS), more and more third-party manufacturers are involved in the manufacturing of ICs. Unfortunately, like software, hardware can also be subjected to malicious attacks. Untrusted outsourced manufacturing tools and intellectual property (IP) cores may bring enormous risks from highly integrated. Attributed to this manufacturing model, the malicious circuits (known as Hardware Trojans, HTs) can be implanted during the most designing and manufacturing stages of the ICs, causing a change of functionality, leakage of information, even a denial of services (DoS), and so on. In this paper, a survey of HTs is presented, which shows the threatens of chips, and the state-of-the-art preventing and detecting techniques. Starting from the introduction of HT structures, the recent researches in the academic community about HTs is compiled and comprehensive classification of HTs is proposed. The state-of-the-art HT protection techniques with their advantages and disadvantages are further analyzed. Finally, the development trends in hardware security are highlighted.

Chris Chapman,Scott Knight,Tom Dean

DOI: https://doi.org/10.48550/arXiv.1410.4304

2014-10-16

Cryptography and Security

Abstract:This paper identifies an intrusion surveillance framework which provides an analyst with the ability to investigate and monitor cyber-attacks in a covert manner. Where cyber-attacks are perpetrated for the purposes of espionage the ability to understand an adversary's techniques and objectives are an important element in network and computer security. With the appropriate toolset, security investigators would be permitted to perform both live and stealthy counter-intelligence operations by observing the behaviour and communications of the intruder. Subsequently a more complete picture of the attacker's identity, objectives, capabilities, and infiltration could be formulated than is possible with present technologies. This research focused on developing an extensible framework to permit the covert investigation of malware. Additionally, a Universal Serial Bus (USB) Mass Storage Device (MSD) based covert channel was designed to enable remote command and control of the framework. The work was validated through the design, implementation and testing of a toolset.

Sebastian Angel,Riad S. Wahby,Max Howald,Joshua B. Leners,Michael Spilo,Zhen Sun,Andrew J. Blumberg,Michael Walfish

DOI: https://doi.org/10.48550/arXiv.1506.01449

2016-06-30

Abstract:Malicious peripherals designed to attack their host computers are a growing problem. Inexpensive and powerful peripherals that attach to plug-and-play buses have made such attacks easy to mount. Making matters worse, commodity operating systems lack coherent defenses, and users are often unaware of the scope of the problem. We present Cinch, a pragmatic response to this threat. Cinch uses virtualization to attach peripheral devices to a logically separate, untrusted machine, and includes an interposition layer between the untrusted machine and the protected one. This layer regulates interaction with devices according to user-configured policies. Cinch integrates with existing OSes, enforces policies that thwart real-world attacks, and has low overhead.

Operating Systems,Cryptography and Security

Rendong Ying

2007-01-01

Abstract:A remote USB system scheme with its software architecture was proposed. USB is widely used as a computer peripheral device,but in embedded system applications,where remote control is required,restrictions are imposed on USB transfer distance by its hardware structure.The proposed driver structure extends USB system in Windows so that it can seamlessly support remote USB subsystem without modifying current USB device driver.The implementation and performance testing demonstrate that the projected scheme is effective,efficient and highly portable.Besides,with a parallel processing architecture,the proposed system supports multiple remote USB system clients,and therefore is fit for large scale controlling and testing based on embedded USB devices,which is of great value to the embedded system applications based on USB devices.

Sayed Erfan Arefin,Abdul Serwadda

2024-10-03

Abstract:Modern computers rely on USB and HDMI ports for connecting external peripherals and display devices. Despite their built-in security measures, these ports remain susceptible to passive power-based side-channel attacks. This paper presents a new class of attacks that exploit power consumption patterns at these ports to infer GPU activities. We develop a custom device that plugs into these ports and demonstrate that its high-resolution power measurements can drive successful inferences about GPU processes, such as neural network computations and video rendering. The ubiquitous presence of USB and HDMI ports allows for discreet placement of the device, and its non-interference with data channels ensures that no security alerts are triggered. Our findings underscore the need to reevaluate and strengthen the current generation of HDMI and USB port security defenses.

Cryptography and Security