Google has released a new software tool to detect possible USB keystroke intrusion attacks and block apps.
With keystroke injection devices that are readily accessible, they can send keystrokes incredibly quickly while essentially remaining invisible to the victim. Keystroke attacks performed via USB require a Human Interface System Driver.
In Linux systems, this week’s tool announced by Google tests the timing of incoming keys to see if this is a predefined heuristics-related attack without affecting the user.
There are two modes of service, Control and HARDENING. In the former mode, it will not block devices that are classified as malicious, but it will write syslog information. But in the latter case, the tool automatically blocks malicious / attacking apps.
USB Keystroke Injection Security ships are default HARDENING enabled and are available on the GitHub in open source. The step-by-step guide explains how to start the reboot-enabled system daemon.
“The device is not a silver bullet against USB attacks or keystroke injection attacks, as an attacker using a user’s computer (required for USB injection keystrokes) will do worse when the computer remains unlocated,” explains Google.
The solution was designed as an additional defensive layer allowing users to perceive the assault as it is either sufficiently delayed to bypass the logic of the device or is sufficiently fast to detect it.
“Other Linux tools, including fine grained udev rules or open source projects such as USBGuard, will complement the tool to make successful attacks more difficult. This helps users to set policies and to disable / enable other USB devices or to disable USB devices when the screen is locked, “says Google.