USBWall: A Novel Security Mechanism to Protect Against Maliciously Reprogrammed USB Devices

Abstract

Universal Serial Bus (USB) is a popular choice of interfacing computer systems with peripherals. With the increasing support of modern operating systems, it is now truly plug-and-play for most USB devices. However, this great convenience comes with a risk which can allow a device to perform arbitrary actions at any time while it is connected. Researchers have confirmed that a simple USB device such as a mass storage device can be disguised to have an additional function such as a keyboard. An unauthorized keyboard attachment can compromise the security of the host by allowing arbitrary keystrokes to enter the host. This undetectable threat differs from traditional virus that spreads via USB devices due to the location it is stored and the way it behaves. Therefore, it is impossible for current file-level antivirus to be aware of such risk. Currently, there is no commercially available protection for USB devices other than mass storage devices. We propose a novel way to protect the host via a software/hardware solution we named a USBWall. USBWall uses BeagleBoard Black (BBB), a low-cost open-source computer, to act as a middleware to enumerate the devices on behalf of the host. We developed a program to assist the user to identify the risk of a device. We present a simulated USB device with malicious firmware to the USBWall. Based on the results, we confirm that using the USBWall to enumerate USB devices on behalf of the host eliminates risks to the hosts.