Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from.
With keystroke injection tools being easily availabile, they are able to send keystrokes immensely fast while being effectively invisible to the victim. Delivered over USB, keystroke injection attacks require a Human Interface Device Driver.
Meant for Linux systems, the tool announced by Google this week measures the timing of incoming keystrokes in an attempt to determine if this is an attack based on predefined heuristics, without the user being involved.
Two modes of operation are available, namely MONITOR and HARDENING. In the former mode, it won’t block devices classified as malicious, but will write information about them to syslog. In the latter mode, however, the tool immediately blocks devices classified as malicious/attacking.
USB Keystroke Injection Protection ships with the HARDENING mode enabled by default and is available in open source on GitHub, where a step-by-step guide provides details on how to get up and running the systemd daemon that is enabled on reboot.
“The tool is not a silver bullet against USB-based attacks or keystroke injection attacks, since an attacker with access to a user’s machine (required for USB-based keystroke injection attacks) can do worse things if the machine is left unlocked,” Google explains.
The solution was designed as an added layer of protection by letting users see the attack happening, as the keystrokes are either delayed enough to circumvent the tool’s logic, or happen fast enough to be detected by the tool.
“The tool can be complemented with other Linux tools, such as fine-grained udev rules or open source projects like USBGuard, to make successful attacks more challenging. The latter lets users define policies and allow/block specific USB devices or block USB devices while the screen is locked,” Google also says.
Related: USBAnywhere: BMC Flaws Expose Supermicro Servers to Remote Attacks
Related: ‘Saefko’ Multi-Layered RAT Can Spread via USB Drives
More from Ionut Arghire
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- US, Israel Provide Guidance on Securing Remote Access Software
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
