Distributed architecture to enhance systems protection against unauthorized activity via USB devices

Cyberattacks exploiting Universal Serial Bus (USB) interfaces may have a high impact on individual and corporate systems. The BadUSB is an attack where a USB device’s firmware is spoofed and, once mounted, allows attackers to execute a set of malicious actions in a target system. The countermeasures against this type of attack can be grouped into two strategies: phyiscal blocking of USB ports and software blocking. This paper proposes a distributed architecture that uses software blocking to enhance system protection against BadUSB attacks. This architecture is composed of multiple agents and external databases, and it is designed for personal or corporate computers using Microsoft Windows Operating System. When a USB device is connected, the agent inspects the device, provides filtered information about its functionality and presents a threat assessment to the user, based on all previous user choices stored in external databases. By providing valuable information to the user, and also threat assessments from multiple users, the proposed distributed architecture improves system protection

MAGNETO: Fingerprinting USB Flash Drives via Unintentional Magnetic Emissions

Universal Serial Bus (USB) Flash Drives are nowadays one of the most convenient and diffused means to transfer files, especially when no Internet connection is available. However, USB flash drives are also one of the most common attack vectors used to gain unauthorized access to host devices. For instance, it is possible to replace a USB drive so that when the USB key is connected, it would install passwords stealing tools, root-kit software, and other disrupting malware. In such a way, an attacker can steal sensitive information via the USB-connected devices, as well as inject any kind of malicious software into the host. To thwart the above-cited raising threats, we propose MAGNETO, an efficient, non-interactive, and privacy-preserving framework to verify the authenticity of a USB flash drive, rooted in the analysis of its unintentional magnetic emissions. We show that the magnetic emissions radiated during boot operations on a specific host are unique for each device, and sufficient to uniquely fingerprint both the brand and the model of the USB flash drive, or the specific USB device, depending on the used equipment. Our investigation on 59 different USB flash drives---belonging to 17 brands, including the top brands purchased on Amazon in mid-2019---, reveals a minimum classification accuracy of 98.2% in the identification of both brand and model, accompanied by a negligible time and computational overhead. MAGNETO can also identify the specific USB Flash drive, with a minimum classification accuracy of 91.2%. Overall, MAGNETO proves that unintentional magnetic emissions can be considered as a viable and reliable means to fingerprint read-only USB flash drives. Finally, future research directions in this domain are also discussed.Comment: Accepted for publication in ACM Transactions on Embedded Computing Systems (TECS) in September 202

Vulnerabilidades nas conexões USB em dispositivos com o sistema Android

Nos últimos anos, a quantidade de ataques em Smartphones aumentou rapidamente, principalmente devido a complexidade de manter os Sistemas Operativos atuais a gerir esses dispositivos. A complexidade de evitar vulnerabilidades nos sistemas operativos moveis atuais torna-os vulneráveis a muitos tipos de ataques. Esta dissertaçao apresenta informações resultantes do uso do Android Debug Bridge para extrair dados privados de smartphones. Foram identificados três cenarios e foi desenvolvido uma prova de conceito. Ao ser executado num computador, o script á capaz de extrair dados privados de um smartphone quando este e conectado por USB. Em dois cenarios foi possível extrair a informacao de forma totalmente furtiva, sem o conhecimento do utilizador. No terceiro cenário, utilizando uma versão mais recente do Sistema Operativo Android, e necessaria uma açao do utilizador, o que torna o ataque menos provavel de ter exito, mas ainda possível