Connect with us

Hi, what are you looking for?


Endpoint Security

Google Releases Tool to Block USB Keystroke Injection Attacks

Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. 

Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from. 

With keystroke injection tools being easily availabile, they are able to send keystrokes immensely fast while being effectively invisible to the victim. Delivered over USB, keystroke injection attacks require a Human Interface Device Driver.

Meant for Linux systems, the tool announced by Google this week measures the timing of incoming keystrokes in an attempt to determine if this is an attack based on predefined heuristics, without the user being involved.  

Two modes of operation are available, namely MONITOR and HARDENING. In the former mode, it won’t block devices classified as malicious, but will write information about them to syslog. In the latter mode, however, the tool immediately blocks devices classified as malicious/attacking. 

USB Keystroke Injection Protection ships with the HARDENING mode enabled by default and is available in open source on GitHub, where a step-by-step guide provides details on how to get up and running the systemd daemon that is enabled on reboot. 

“The tool is not a silver bullet against USB-based attacks or keystroke injection attacks, since an attacker with access to a user’s machine (required for USB-based keystroke injection attacks) can do worse things if the machine is left unlocked,” Google explains. 

The solution was designed as an added layer of protection by letting users see the attack happening, as the keystrokes are either delayed enough to circumvent the tool’s logic, or happen fast enough to be detected by the tool.

Advertisement. Scroll to continue reading.

“The tool can be complemented with other Linux tools, such as fine-grained udev rules or open source projects like USBGuard, to make successful attacks more challenging. The latter lets users define policies and allow/block specific USB devices or block USB devices while the screen is locked,” Google also says.

Related: USBAnywhere: BMC Flaws Expose Supermicro Servers to Remote Attacks

Related: ‘Saefko’ Multi-Layered RAT Can Spread via USB Drives

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

The Zero Day Dilemma

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...