Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Google Releases Tool to Block USB Keystroke Injection Attacks

Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. 

Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. 

With keystroke injection tools being easily availabile, they are able to send keystrokes immensely fast while being effectively invisible to the victim. Delivered over USB, keystroke injection attacks require a Human Interface Device Driver.

Meant for Linux systems, the tool announced by Google this week measures the timing of incoming keystrokes in an attempt to determine if this is an attack based on predefined heuristics, without the user being involved.  

Two modes of operation are available, namely MONITOR and HARDENING. In the former mode, it won’t block devices classified as malicious, but will write information about them to syslog. In the latter mode, however, the tool immediately blocks devices classified as malicious/attacking. 

USB Keystroke Injection Protection ships with the HARDENING mode enabled by default and is available in open source on GitHub, where a step-by-step guide provides details on how to get up and running the systemd daemon that is enabled on reboot. 

“The tool is not a silver bullet against USB-based attacks or keystroke injection attacks, since an attacker with access to a user’s machine (required for USB-based keystroke injection attacks) can do worse things if the machine is left unlocked,” Google explains. 

The solution was designed as an added layer of protection by letting users see the attack happening, as the keystrokes are either delayed enough to circumvent the tool’s logic, or happen fast enough to be detected by the tool.

“The tool can be complemented with other Linux tools, such as fine-grained udev rules or open source projects like USBGuard, to make successful attacks more challenging. The latter lets users define policies and allow/block specific USB devices or block USB devices while the screen is locked,” Google also says.

Related: USBAnywhere: BMC Flaws Expose Supermicro Servers to Remote Attacks

Related: ‘Saefko’ Multi-Layered RAT Can Spread via USB Drives

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Funding/M&A

Identity and access governance vendor Saviynt has closed a $205 million financing round.