Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Privacy Security Communications Networking OS X Open Source Software Windows Hardware IT Linux

USB Canary Sends An SMS When Someone Tinkers With Your USB Ports (bleepingcomputer.com) 40

An anonymous reader quotes a report from BleepingComputer: A new tool released on GitHub last week can help paranoid sysadmins keep track of whenever someone plugs in or disconnects an USB-based device from high-value workstations. Called USB Canary, this tool is coded in Python and currently, works only on Linux (versions for Windows and Mac are in the works). The tool works by watching USB ports for any activity while the computer is locked, which generally means the owner has left his desk. If an USB device is plugged in or unplugged, USB Canary can perform one of two actions, or both. It can alert the owner by sending an SMS message via the Twilio API, or it can post a message in a Slack channel, which can be monitored by other co-workers. USB Canary can prove to be a very useful tool for large organizations that feature strict PC policies. For example, if you really want to enforce a "No USB drives" at work, this could be the tool for the job. Further, with modifications, it could be used for logging USB activity on air-gapped systems.
This discussion has been archived. No new comments can be posted.

USB Canary Sends An SMS When Someone Tinkers With Your USB Ports

Comments Filter:
  • by Okian Warrior ( 537106 ) on Friday March 31, 2017 @08:32PM (#54155589) Homepage Journal

    I've heard stories about how businessmen staying in Chinese hotels leave their laptops in the room while going out, and the "maid" comes in, sticks in a USB drive, and downloads all the files.

    I've often wondered if it's possible to make a spring-loaded trap that would clamp down on a USB device and prevent it from being removed. The USB connector has 2 square holes that square pegs might fit into.

    It might be possible to "fish" for these foreign USB devices, and reverse engineer them to see what sorts of attack they use.

    • Re:USB fishing (Score:4, Insightful)

      by Anonymice ( 1400397 ) on Friday March 31, 2017 @10:01PM (#54155917)

      Better nail your laptop down too, then! If they're going to be rumbled anyway, they might as well just take the fucker.

    • by Misagon ( 1135 )

      How about making ports like the infamous "USB Kill Stick" but in reverse? Any unauthorized device connected to the port would get fried.
      The attacker would probably not find out what happened until afterwards when they try to get the data from the attacking device.

      But yeah, if we knew what kind of attack they used to gain access one could provide another set of files: a honey pot, or just innocuous data.

  • you may as well burn your computer... Why not just have a USB self destruct, once someone has "tinkered" with your USB ports you can't guarantee anything.
  • Plug in an unauthorized USB stick at my job and security will be at your desk in five minutes to confiscate it.
    • A Rubber ducky? Those look like keyboards to the machines...and run scripts.

      You can hack up a 2gig USB drive into one. Certain models only.

      • by creimer ( 824291 )

        A Rubber ducky?

        I personally prefer to have a Hello, Kitty! 8GB USB stick. :P [amzn.to]

        • IT security guy...you know a 'rubber ducky' is a penetration tool? The ones with actual rubber duckys printed on them are sold to poseurs, real hackers just modify the right old thumb drive.

          PCs with windows or Linux (with autorun disabled) are owned by plugging it in. The computer thinks it's a keyboard and trusts it. It runs scripts, which can be toxic.

          Does IT get called when someone's keyboard gets disconnected then plugged back in or only for USB storage?

          • by creimer ( 824291 )

            IT security guy...you know a 'rubber ducky' is a penetration tool?

            I've heard about them, haven't seen them. My job in InfoSec is to fix problems. Scanning and penetration is a different department. I thought you meant this rubber ducky [amzn.to].

            Does IT get called when someone's keyboard gets disconnected then plugged back in or only for USB storage?

            I don't know. I work with workstations and not with users. The workstations are locked down tighter than a virgin nerd's ass. If you create a file and leave it on your desktop for too long (all data is supposed to be stored on the network), you will need administrator access to modify the file.

  • When I saw the headline, my first thought was "I could probably do this pretty quickly on a Linux machine in Python."

    Then I read the summary.

  • Windows USB log tool (Score:2, Informative)

    by Anonymous Coward

    http://www.nirsoft.net/utils/usb_log_view.html

  • Which one wins the race? The USB kill stick as it does its powerful best to fry your MoBo, or the Python code trying to send out a network message before some critical component coughs up smoke? My money's on the kill stick.

  • I came here to read about suicides, death threats, people linking to some research about the pros/cons of a green-to-orange transition in nerd communities, etc. And then I realised about today's date and well... nice one, Slashdot! The doomsday-like alternative would have been much funnier though.
    • Clarification for those with problems to understand context, intention, sarcasm and/or over-3-word ideas: sorry for not having included a closing smiley or LOL in my previous comment to help you understand that I was joking. How could you know it otherwise, right? Because you think that there are lots of people doing really weird things just for a change of name/colour, because Slashdot is exactly the kind of place where these people go and because I would enjoy witnessing such idiocy? (-> all this is mo
  • The joke should be pretty obvious though, just read the headline and replace a few words.

    Sorry I just don't want to lose my job or get in any trouble :)

"There is no distinctly American criminal class except Congress." -- Mark Twain

Working...