Slashdot Mirror


New 'USG' Firewalls Protect USB Drives From Malicious Attacks (zdnet.com)

A developer has created the USG, "a small, portable hardware USB firewall...to prevent malicious USB sticks and devices laden with malware from infecting your computer." An anonymous reader quotes ZDNet: The problem is that most computers automatically trust every USB device that's plugged in, which means malicious code can run without warning... Cars, cash registers, and some ATMs also come with USB ports, all of which can be vulnerable to cyberattacks from a single USB stick. That's where the USG firewall comes in...a simple hardware serial link that only accepts a very few select number of safe commands, which prevents the device from executing system commands or intercepting network traffic. That means the data can flow from the USB device, but [it] effectively blocks other USB exploits.
The firmware has been open sourced, and the technical specifications have also been released online "to allow anyone to build their own from readily available development boards."

10 of 67 comments

  1. good thing is that you can stack them USG-USG-USB by kiviQr · · Score: 2

    Just in case the first gets hacked, you can stack them USG-USG-USG-USG-...-USB

  2. USB1 only by sirsnork · · Score: 5, Informative

    Sadly it's only USB1, so basically useless for moving files, which I imagine is the designed purpose. A cool device certainly, but at USB1 speeds more of a cool research project than something actually useful.

    --

    Normal people worry me!
  3. Bad Keyboard Still Possible by mentil · · Score: 4, Interesting

    As far as I could glean from the article, the USG does nothing to stop USB devices from registering as a keyboard and then emulating keypresses to open up a back door. Having a physical switch on the USG that indicates 'this device is a keyboard' could stop that... for malicious devices that aren't actually USB keyboards.

    I'm also skeptical that the 'short list of approved commands' is 100% safe and there are no driver vulnerabilities linked to any of those commands. Also, if you plug a new USB device in thru this USG and it doesn't work, are you going to say 'too bad, probably infected', or are you going to remove the USG and try again?

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    1. Re:Bad Keyboard Still Possible by thegarbz · · Score: 2

      > As far as I could glean from the article, the USG does nothing to stop USB devices from registering as a keyboard and then emulating keypresses to open up a back door.

      No it doesn't. As far as I can understand what it does do is prevent a USB mass storage device, or a USB network card, or a USB monitor, etc, etc, pretending to be both what it is and also a keyboard at the same time. It also prevents it from changing at some point while being used to do something malicious and then changing back. What you are describing is a different attack vector to the BadUSB exploit this is designed to prevent.

      People picking up dirty USB sticks in the carpark will only continue to use those USB sticks if they actually work as USB sticks. If they plug it in and the only thing that comes up is a keyboard, they will toss it in the bin (if they are poor at security) or light up their entire computer with thermite (if they are good at security). No one is dropping USB keyboards in a car park.

    2. Re:Bad Keyboard Still Possible by thegarbz · · Score: 2

      It is as useless as a virus scanner is at preventing a user from writing their password on a post-it on the screen. That is to say, both you and the GP are talking about a different attack vector than the BadUSB vulnerability which relies on being able to enumerate two different devices at once at run time on the same bus and do something malicious while pretending to do something else. E.g. a USB mass storage device that logs keystrokes. This device here will prevent either the keylogging or the USB mass storage functionality from working. The former is safe for the PC, the second is an indicator that something isn't right to the user.

      And these pretending-to-be-other-devices attacks are a relevant attack vector, as malicious USB sticks are used for targeted espionage. Sure, you could make a malicious keyboard, but then you actually have to get that keyboard to the victim, and dropping it in a parking lot is unlikely to do you much good.

  4. Re:So... by currently_awake · · Score: 2

    Assuming the bridge doesn't connect to the computer's USB power rails, yes. Once.

  5. Re:why by wonkey_monkey · · Score: 2

    Because there are some USB devices which have a legitimate purpose for doing all of these "bad" things, so they'd be rendered useless.

    --
    systemd is Roko's Basilisk.
  6. Re:why by fibonacci8 · · Score: 2

    I'll bite... Name one device that presents itself as one type of device to the user and then presents itself as a different type of device to the USB subsystem inside the computer that could be described as "a legitimate purpose". Some devices do, but that doesn't fit any definition of the word "legitimate" that I've encountered. Intentionally hiding things from users is the opposite of legitimate.

    --
    Inheritance is the sincerest form of nepotism.
  7. Re:So what is it for? by guruevi · · Score: 2

    Even trudging through the code, it's hard to decipher what it actually does besides implement a basic USB host and USB target and then proxy the commands (with some minor filtering for things that aren't "spec"). I'm supposing that you plug it in, and you have to program it yourself to accept a certain device or range of devices which you 'trust' but even then, it's not going to prevent someone from making a USB thing that emulates your USB thing and does malicious things.

    I'm sure you can eventually turn it into an anti-virus by putting in a number of patterns that 'known bad' USB devices do but then the same issue arises with AV - you either spend a massive amount of money and time on analyzing every bit pattern passing by and statistically analyze whether it fits within a 'good' thing or you whitelist/blacklist certain things.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  8. Re:why by heypete · · Score: 3, Informative

    I have a Huawei USB cellular modem that identifies itself simultaneously as:
    1. USB mass storage, if one has a microSD card in the internal slot. This is handy for storing files and whatnot on the stick.
    2. As a CD-ROM drive with a virtual CD containing the drivers needed for the cellular modem functionality, so the user can install the drivers needed while only possessing the stick itself (e.g. no real CD, no internet download, etc.).
    3. As a cellular modem.
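
The thread contrasts a BadUSB-style stick (storage plus an extra keyboard interface) with a legitimate composite device such as the modem above. As an added example, not part of any comment and not the USG firmware's code, this Python sketch walks a USB configuration descriptor and lists interfaces whose class falls outside what the user expects. The function names, the allow-list policy and the sample descriptors are assumptions constructed for illustration.

```python
import struct

MASS_STORAGE, HID, CDC = 0x08, 0x03, 0x02   # USB-IF interface class codes

def interfaces(cfg: bytes):
    """Walk a configuration descriptor set; return (class, subclass, protocol) per interface."""
    if len(cfg) < 9 or cfg[1] != 0x02:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", cfg, 2)[0]            # wTotalLength
    if total < 9 or total > len(cfg):
        raise ValueError("wTotalLength inconsistent with supplied data")
    found, pos = [], 0
    while pos < total:
        length = cfg[pos]                                  # bLength
        # A hostile device controls these bytes: reject zero or overrunning lengths.
        if length < 2 or pos + length > total:
            raise ValueError(f"malformed descriptor at offset {pos}")
        if cfg[pos + 1] == 0x04:                           # INTERFACE descriptor
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {pos}")
            found.append(tuple(cfg[pos + 5:pos + 8]))
        pos += length
    return found

def unexpected(cfg: bytes, allowed: set):
    """Interfaces whose class is outside what the user believes the device is.
    Only boot-protocol HID declares 'keyboard' here, so every HID interface is treated alike."""
    return [i for i in interfaces(cfg) if i[0] not in allowed]

# --- constructed sample descriptors (not captured from real hardware) ---
def iface(num, cls, sub, proto):
    return bytes([9, 0x04, num, 0, 1, cls, sub, proto, 0])

BULK_IN = bytes([7, 0x05, 0x81, 0x02, 0x00, 0x02, 0])      # endpoint descriptor, skipped by the walk

def config(*parts):                                        # most endpoint descriptors omitted for brevity
    body = b"".join(parts)
    n = sum(1 for p in parts if p[1] == 0x04)
    return struct.pack("<BBHBBBBB", 9, 0x02, 9 + len(body), n, 1, 0, 0x80, 50) + body

STORAGE = iface(0, MASS_STORAGE, 0x06, 0x50)               # SCSI, bulk-only transport
PLAIN_STICK = config(STORAGE, BULK_IN)
BADUSB_STICK = config(STORAGE, BULK_IN, iface(1, HID, 0x01, 0x01))   # plus a boot keyboard
MODEM = config(STORAGE, iface(1, MASS_STORAGE, 0x06, 0x50), iface(2, CDC, 0x02, 0x01))

if __name__ == "__main__":
    for name, cfg in [("stick", PLAIN_STICK), ("badusb", BADUSB_STICK), ("modem", MODEM)]:
        print(name, unexpected(cfg, {MASS_STORAGE}))
```

A strict storage-only allow-list also flags the constructed modem's CDC interface, which is the trade-off raised in the "why" replies: the expected classes have to be stated per device.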