We design, implement, and evaluate a simple yet very effective and extensible system-level countermeasure based on USB packet traffic analysis to detect and defend against such attacks without requiring user intervention. We devise criteria for automating their detection. We study the behavioral characteristics of Rubber Ducky and BadUSB classes of attacks. Specifically, we make the following contributions: Such an approach relieves the end user from being involved in trust decisions and thus, makes the security of the system less dependent to user actions. In this paper, we provide insights on how these USB-protocol-level attacks work and explore how their attack patterns can be detected at the system level.
#Wireshark usb keyboard drivers
The associated threat is rather high: at this level the device interfaces directly with device drivers that run in the most privileged level of modern consumer-grade operating systems (e.g., as ring-0 modules of the Linux kernel). BadUSB Footnote 1 and Rubber Ducky Footnote 2 classes of attacks are successful demonstrations of the attack feasibility. This capability has been exploited as a subtle attack vector, hiding malicious functionality on an abstraction layer that modern computer antivirus cannot cope with. Lately, there are devices on the market with the ability to update their USB firmware. It is a complex communication protocol, often implemented and offered as a firmware.
Under the hood, USB is more than a simple connector. As network-based defenses steadily improve and can block efficiently the malicious network traffic reaching an organization, USB becomes an attractive entry point for penetrating an organization. Many different attack vectors abuse the pervasiveness of USB, as for example dropping USB thumb drives on parking lots for users to pick up and attach on their computers . It is used to connect a plethora of peripheral devices to computers, including keyboards, mice, cameras, printers, and storage media.
#Wireshark usb keyboard serial
The Universal Serial Bus (USB) is by far the most widely-used connector for modern computer systems.
0 kommentar(er)
