Slashdot Mirror

← Back to Stories (view on slashdot.org)

USB Canary Sends An SMS When Someone Tinkers With Your USB Ports (bleepingcomputer.com)

Posted by BeauHD on from the tinker-toys dept.

An anonymous reader quotes a report from BleepingComputer: A new tool released on GitHub last week can help paranoid sysadmins keep track of whenever someone plugs in or disconnects an USB-based device from high-value workstations. Called USB Canary, this tool is coded in Python and currently, works only on Linux (versions for Windows and Mac are in the works). The tool works by watching USB ports for any activity while the computer is locked, which generally means the owner has left his desk. If an USB device is plugged in or unplugged, USB Canary can perform one of two actions, or both. It can alert the owner by sending an SMS message via the Twilio API, or it can post a message in a Slack channel, which can be monitored by other co-workers. USB Canary can prove to be a very useful tool for large organizations that feature strict PC policies. For example, if you really want to enforce a "No USB drives" at work, this could be the tool for the job. Further, with modifications, it could be used for logging USB activity on air-gapped systems.

4 of 40 comments (clear)

  1. USB fishing by Okian+Warrior · · Score: 2

    I've heard stories about how businessmen staying in Chinese hotels leave their laptops in the room while going out, and the "maid" comes in, sticks in a USB drive, and downloads all the files.

    I've often wondered if it's possible to make a spring-loaded trap that would clamp down on a USB device and prevent it from being removed. The USB connector has 2 square holes that square pegs might fit into.

    It might be possible to "fish" for these foreign USB devices, and reverse engineer them to see what sorts of attack they use.

    1. Re:USB fishing by Anonymice · · Score: 3, Insightful

      Better nail your laptop down too, then! If they're going to be rumbled anyway, they might as well just take the fucker.

  2. Windows USB log tool by Anonymous Coward · · Score: 2, Informative

    http://www.nirsoft.net/utils/usb_log_view.html

  3. Re:That's nothing... by HornWumpus · · Score: 2

    IT security guy...you know a 'rubber ducky' is a penetration tool? The ones with actual rubber duckys printed on them are sold to poseurs, real hackers just modify the right old thumb drive.

    PCs with windows or Linux (with autorun disabled) are owned by plugging it in. The computer thinks it's a keyboard and trusts it. It runs scripts, which can be toxic.

    Does IT get called when someone's keyboard gets disconnected then plugged back in or only for USB storage?

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'