USB borne attacks and usable defense mechanisms

Cite

FOSDEM VZW

Mueller, Tobias Nittis, Ludovico de

Formal Metadata

Title

USB borne attacks and usable defense mechanisms

Subtitle

Hardening built into the operating system without compromising on usability

Title of Series

FOSDEM 2019

Number of Parts

561

Author

Mueller, Tobias

Nittis, Ludovico de

License

CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/44629 (DOI)

Publisher

FOSDEM VZW

Release Date

2019

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

The attack surface of USB is quite large and while disabling USB altogether solves the problem, it creates many other. As do existing protection mechanisms. They suffer from poor usability and missing integration into the operating system. We present our approach to defending against rogue USB devices for a GNOME-based operating system. USB is arguably to most exposed interface of a user's machine. It allows an attacker to interact with pretty much any driver, many of which are of questionable quality. We try to be smart about when to allow new USB devices. First, we try to detect when the user is present, arguing that if the user is not then new USB devices should not work. But it is not that simple, because you might very well want to attach a new keyboard in case yours breaks. Keyboards, however, pose another risk as several attacks have shown. But not all keyboards are equally bad and we propose to promote a harmless keyboard to become dangerous after getting the user's consent. It is not entirely clear yet how to that best, so your feedback and a discussion is certainly welcome!