Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Data Storage Open Source Privacy Security Hardware

New 'USG' Firewalls Protect USB Drives From Malicious Attacks (zdnet.com) 67

A developer has created the USG, "a small, portable hardware USB firewall...to prevent malicious USB sticks and devices laden with malware from infecting your computer." An anonymous reader quotes ZDNet: The problem is that most computers automatically trust every USB device that's plugged in, which means malicious code can run without warning... Cars, cash registers, and some ATMs also come with USB ports, all of which can be vulnerable to cyberattacks from a single USB stick. That's where the USG firewall comes in...a simple hardware serial link that only accepts a very few select number of safe commands, which prevents the device from executing system commands or intercepting network traffic. That means the data can flow from the USB device, but [it] effectively blocks other USB exploits.
The firmware has been open sourced, and the technical specifications have also been released online "to allow anyone to build their own from readily available development boards."
This discussion has been archived. No new comments can be posted.

New 'USG' Firewalls Protect USB Drives From Malicious Attacks

Comments Filter:
  • by kiviQr ( 3443687 ) on Saturday March 11, 2017 @04:46PM (#54019723)
    Just in case first gets hacked you can stack them USG-USG-USG-USG-...-USB
  • Sorry, but couldn't get past all that sheep speak (aka dumbed down language). What exactly is that bridge for? Preventing badusb? Actually checking for malware files stored on the usb stick's filesystem? Preventing computers to flash the usb stick's firmware to make attacks permanent?

    • You'd have to read the wiki article at the first link four words into the slashdot summary, but yeah, that's what the developer says:

      https://github.com/robertfisk/USG/wiki [github.com]

      The USG isolates BadUSB devices from your computer, while still passing through the data you need.

    • by gweihir ( 88907 )

      It is about preventing an USB stick from claiming to be something else, e.g. a keyboard or a network card. Not that that helps any if there is a malicious executable on the stick...

    • by guruevi ( 827432 )

      Even trudging through the code, it's hard to decipher what it actually does besides implement a basic USB host and USB target and then proxy the commands (with some minor filtering for things that aren't "spec"). I'm supposing that you plug it in, and you have to program it yourself to accept a certain device or range of devices which you 'trust' but even then, it's not going to prevent someone from making a USB thing that emulates your USB thing and does malicious things.

      I'm sure you can eventually turn it

  • --Will the USG device protect against a thumbdrive that would fry your *computer* (electrically) if you plugged it in?

  • USB1 only (Score:5, Informative)

    by sirsnork ( 530512 ) on Saturday March 11, 2017 @05:01PM (#54019787)

    Sadly it's only USB1, so basically useless for moving files, which I imagine is the designed purpose. A cool device certainly, but at USB1 speeds more of a cool research project than something actually useful

    • Thank you sirsnork for participating on Slashdot. Comments like yours bring me back. I have no mod points at the moment.
  • by mentil ( 1748130 ) on Saturday March 11, 2017 @05:01PM (#54019789)

    As far as I could glean from the article, the USG does nothing to stop USB devices from registering as a keyboard and then emulating keypresses to open up a back door. Having a physical switch on the USG that indicates 'this device is a keyboard' could stop that... for malicious devices that aren't actually USB keyboards.

    I'm also skeptical hat the 'short list of approved commands' is 100% safe and there are no driver vulnerabilities linked to any of those commands. Also, if you plug a new USB device in thru this USG and it doesn't work, are you going to say 'too bad, probably infected', or are you going to remove the USG and try again?

    • by Anonymous Coward

      Simply lock the computer when you leave it to prevent fake keyboard.
      This is more for blocking something like the Bash Bunny. That thing will backdoor a locked computer by pretending it's a USB NIC.

    • by AmiMoJo ( 196126 )

      I'm also skeptical hat the 'short list of approved commands' is 100% safe and there are no driver vulnerabilities linked to any of those commands.

      Me too. USB doesn't use "commands". There are no USB commands. Perhaps they mean that they filter SCSI commands for USB flash drives or something.

      In any case, many of the vulnerabilities are likely to be down to malformed descriptors. Descriptors tell the computer what the USB device is and in the case of standard things like keyboards and flash drives there are descriptors that give the parameters required to talk to it. Driver vulnerabilities will mostly be in the way these descriptors are parsed.

      It also

      • It is as useless as a virus scanner is at preventing a user from writing their password on a post-it on the screen. That is to say, both you and the GP are talking about a different attack vector than the BadUSB vulnerability which relies on being able to enumerate two different devices at once at run time on the same bus and do something malicious while pretending to do something else. E.g. a USB mass storage device that logs keystrokes. This device here will prevent either the keylogging or the USB mass s

        • by jabuzz ( 182671 )

          True, but the next step is to put a hub in the middle integrated into the USB stick. So you see a USB hub plugged into a port with a USB mass storage device and a USB keyboard attached. We are then right back to square one. I guess the firewall could be programmed to reject hubs to prevent this, but it's all getting rather messy. The better solution is to stop using USB anything to move data about; the network is the computer remember.

          • That's not too silly and I've done this myself. I built a device which presents to the OS as a USB hub as a quick and dirty way to work around two microcontrollers communicating on one USB bus without having to design and program a bus system between them.

            This would easily defeat this device as far as I can see.

    • As far as I could glean from the article, the USG does nothing to stop USB devices from registering as a keyboard and then emulating keypresses to open up a back door.

      No it doesn't. As far as I can understand what it does do is prevent a USB mass storage device, or a USB network card, or a USB monitor, etc, etc, pretending to be both what it is and also a keyboard at the same time. It also prevents it from changing at some point while being used to do something malicious and then changing back. What you are describing is a different attack vector to the BadUSB exploit this is designed to prevent.

      People picking up dirty USB sticks in the carpark will only continue to use

  • I've never yet seen an OS where you can't turn autorun off. Once you've done that, why do you need this?
    • USB devices can be more than file systems.

      Having autorun off is not going to stop a USB device pretending to be a keyboard or mouse or whatnot.

      • You can prevent Windows from installing new USB devices by type.

        Mind you if you're keyboard then breaks you're screwed without some form of remote access or a PS/2 port.

    • It's not auto-running a file on a filesystem. It's automatically talking to the firmware on the USB controller, something that every OS needs to allow for a USB device to function.

      • Why can't you just use a different USB driver for your OS that filters, alerts on, requires additional permission for, or blocks whatever you want, rather than buying a new piece of hardware?

        I mean, I get the voltage thing to fry a port, but that's a DOS attack no worse than someone who is physically there just smashing the port/computer. Why not just secure the USB device driver in the first place?

        • This device won't prevent the frying of the port.

          And yes you can prevent BadUSB by diligently disabling auto-installation of new USB devices (no need for a driver, you can do that in Group Policy). You can even do it on a per ID basis. However I mentioned what could go wrong in another thread: Say you've locked down the system by ID to prevent auto-install of new USB HID devices (the key-logging portion of this attack).

          And your keyboard / mouse combination breaks.

          What now? You need the exact same make and m

  • "The problem is that most computers automatically trust every USB device that's plugged in, which means malicious code can run without warning"

    Windows only I presume ..
  • This device does not stop the worst of the USB issues the Capacitor killer that draws in electricity, charges a capacitor, then releases it all back into the PC at high voltage and capacity, frying the computer.

  • The USG admits it's not high level. But to me it's a start. And a start is better than having nothing. (I wonder if if protects against bad memory sticks that fry your computer??)
  • There was an article here a few months ago about a USB Killer device that will send a stream of electricity to whatever device it's plugged into, destroying the USB port at minimum, or the entire device at worst.
  • by c10 ( 595575 )
    It's probaly more drywall than firewall.

Trap full -- please empty.

Working...