Universal Serial Bus (USB) Flash Drives are nowadays one of the most
convenient and diffused means to transfer files, especially when no Internet
connection is available. However, USB flash drives are also one of the most
common attack vectors used to gain unauthorized access to host devices. For
instance, it is possible to replace a USB drive so that when the USB key is
connected, it would install passwords stealing tools, root-kit software, and
other disrupting malware. In such a way, an attacker can steal sensitive
information via the USB-connected devices, as well as inject any kind of
malicious software into the host.
To thwart the above-cited raising threats, we propose MAGNETO, an efficient,
non-interactive, and privacy-preserving framework to verify the authenticity of
a USB flash drive, rooted in the analysis of its unintentional magnetic
emissions. We show that the magnetic emissions radiated during boot operations
on a specific host are unique for each device, and sufficient to uniquely
fingerprint both the brand and the model of the USB flash drive, or the
specific USB device, depending on the used equipment. Our investigation on 59
different USB flash drives---belonging to 17 brands, including the top brands
purchased on Amazon in mid-2019---, reveals a minimum classification accuracy
of 98.2% in the identification of both brand and model, accompanied by a
negligible time and computational overhead. MAGNETO can also identify the
specific USB Flash drive, with a minimum classification accuracy of 91.2%.
Overall, MAGNETO proves that unintentional magnetic emissions can be considered
as a viable and reliable means to fingerprint read-only USB flash drives.
Finally, future research directions in this domain are also discussed.Comment: Accepted for publication in ACM Transactions on Embedded Computing
Systems (TECS) in September 202