SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Google Releases Tool to Block USB Keystroke Injection Attacks

Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. 

Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. 

With keystroke injection tools being easily availabile, they are able to send keystrokes immensely fast while being effectively invisible to the victim. Delivered over USB, keystroke injection attacks require a Human Interface Device Driver.

Meant for Linux systems, the tool announced by Google this week measures the timing of incoming keystrokes in an attempt to determine if this is an attack based on predefined heuristics, without the user being involved.  

Two modes of operation are available, namely MONITOR and HARDENING. In the former mode, it won’t block devices classified as malicious, but will write information about them to syslog. In the latter mode, however, the tool immediately blocks devices classified as malicious/attacking. 

USB Keystroke Injection Protection ships with the HARDENING mode enabled by default and is available in open source on GitHub, where a step-by-step guide provides details on how to get up and running the systemd daemon that is enabled on reboot. 

“The tool is not a silver bullet against USB-based attacks or keystroke injection attacks, since an attacker with access to a user’s machine (required for USB-based keystroke injection attacks) can do worse things if the machine is left unlocked,” Google explains. 

The solution was designed as an added layer of protection by letting users see the attack happening, as the keystrokes are either delayed enough to circumvent the tool’s logic, or happen fast enough to be detected by the tool.

“The tool can be complemented with other Linux tools, such as fine-grained udev rules or open source projects like USBGuard, to make successful attacks more challenging. The latter lets users define policies and allow/block specific USB devices or block USB devices while the screen is locked,” Google also says.

Advertisement. Scroll to continue reading.

Related: USBAnywhere: BMC Flaws Expose Supermicro Servers to Remote Attacks

Related: ‘Saefko’ Multi-Layered RAT Can Spread via USB Drives

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Cody Barrow has been appointed as CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

More People On The Move

Expert Insights

Related Content

Zero Trust and Identity and Access Management Zero Trust and Identity and Access Management

Identity & Access

Cyber Insights 2023 | Zero Trust and Identity and Access Management

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

February 6, 2023
Okta hack Okta hack

CISO Strategy

Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

November 3, 2023
Windows 7 Extended Security Updates, Windows 8.1 Reach End of Support

Endpoint Security

Windows 7 Extended Security Updates, Windows 8.1 Reach End of Support

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

January 10, 2023
DMARC Implemented on Half of U.S. Government Domains

Compliance

DMARC Implemented on Half of U.S. Government Domains

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

January 3, 2018
DMARC Adoption Low in Fortune 500, FTSE 100 Companies

Email Security

DMARC Adoption Low in Fortune 500, FTSE 100 Companies

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

August 23, 2017
Thoma Bravo Merges ForgeRock with Ping Identity

Funding/M&A

Thoma Bravo Merges ForgeRock with Ping Identity

The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in enterprise IAM market.

August 23, 2023
VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

December 13, 2022
Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

December 12, 2022