USB attacks are becoming more sophisticated. Rather than using USB devices solely as a delivery mechanism for host-side exploits, attackers are targeting the USB stack itself, embedding malicious code in device firmware to covertly request additional USB interfaces, providing unacknowledged and malicious functionality that lies outside the apparent purpose of the device. This allows for attacks such as BadUSB, where a USB storage device with malicious firmware is capable of covertly acting as a keyboard as well, allowing it to inject malicious scripts into the host machine. We observe that the root cause of such attacks is that the USB Stack exposes a set of unrestricted device privileges and note that the most reliable information about a device’s capabilities comes from the end user’s expectation of the device’s functionality. We design and implement GoodUSB, a mediation architecture for the Linux USB Stack. We defend against BadUSB attacks by enforcing permissions based on user expectations of device functionality. GoodUSB includes a security image component to simplify use, and a honeypot mechanism for observing suspicious USB activities. GoodUSB introduces only 5.2% performance overhead compared to the unmodified Linux USB subsystem. It is an important step forward in defending against USB attacks and towards allowing the safe deployment of USB devices in the enterprise.
Author(s):
Dave (Jing) Tian
University of Florida
United States
Adam Bates
University of Florida
United States
Kevin Butler
University of Florida
United States
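
The mediation idea in the abstract, sketched as an added example that is not GoodUSB's own code: walk a device's configuration descriptor and allow only the interfaces whose class matches what the user expects the device to be. The expectation labels, the `EXPECTED` table, the function names and the sample descriptor are assumptions constructed for illustration.

```python
# Added illustration, not GoodUSB code: mediate the USB interfaces a device
# requests against the classes the user expects from it.
USB_DT_INTERFACE = 0x04  # bDescriptorType of an interface descriptor

# Hypothetical expectation labels mapped to permitted bInterfaceClass codes
# (0x01 audio, 0x03 HID, 0x08 mass storage).
EXPECTED = {"flash-drive": {0x08}, "keyboard": {0x03}, "headset": {0x01, 0x03}}

# Constructed configuration descriptor: a "flash drive" that also requests
# a HID keyboard interface, the BadUSB pattern described in the abstract.
SAMPLE = bytes.fromhex(
    "090239000201008032"  # configuration: 2 interfaces, wTotalLength 57
    "090400000208065000"  # interface 0: mass storage (0x08)
    "07058102000200"      # bulk IN endpoint
    "07050202000200"      # bulk OUT endpoint
    "090401000103010100"  # interface 1: HID (0x03), boot keyboard
    "092111010001223f00"  # HID class descriptor
    "0705830308000a"      # interrupt IN endpoint
)

def interface_classes(config: bytes):
    """Return [(bInterfaceNumber, bInterfaceClass)] found in the blob."""
    found, off = [], 0
    while off < len(config):
        length = config[off]
        # Every descriptor starts with bLength, bDescriptorType; reject
        # lengths that are too short or run past the end of the blob.
        if length < 2 or off + length > len(config):
            raise ValueError(f"malformed descriptor at offset {off}")
        if config[off + 1] == USB_DT_INTERFACE:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {off}")
            found.append((config[off + 2], config[off + 5]))
        off += length
    return found

def mediate(config: bytes, expectation: str):
    """Map each interface number to 'allow' or 'deny' (default deny)."""
    allowed = EXPECTED.get(expectation, set())
    decisions = {}
    for number, cls in interface_classes(config):
        verdict = "allow" if cls in allowed else "deny"
        # With alternate settings, one denied setting denies the interface.
        if decisions.get(number) != "deny":
            decisions[number] = verdict
    return decisions

if __name__ == "__main__":
    print(mediate(SAMPLE, "flash-drive"))
```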