1. USBCheckIn: Preventing BadUSB attacks by forcing human-device interaction
- Author
-
Federico Griscioli, Maurizio Pizzonia, Marco Sacchetti, HOSSEIN SARRAFZADEH, Griscioli, Federico, Pizzonia, Maurizio, and Sacchetti, Marco
- Subjects
Forcing (recursion theory) ,business.industry ,Computer science ,Firmware ,020209 energy ,Authorization ,02 engineering and technology ,USB ,computer.software_genre ,law.invention ,eXtensible Host Controller Interface (xHCI) ,Ask price ,law ,Embedded system ,USB hub ,0202 electrical engineering, electronic engineering, information engineering ,business ,Host (network) ,computer ,Computer hardware - Abstract
The BadUSB attack leverages the modification of firmware of USB devices in order to mimic the behaviour of a keyboard or a mouse and send malicious commands to the host. This is a new and dreadful threat for any organization. Current countermeasures either require special USB devices or ask the user to decide if the device can be used. We propose a new approach that, before allowing the device to be used, forces the user to interact with it physically, to ensure that a real human-interface device is attached. Our implementation is hardware-based and, hence, can be used with any host, comprising embedded devices, and also during boot, i.e., before any operating system is running. Our approach does not require any special feature from USB devices.
- Published
- 2016