Google Releases Tool to Block USB Keystroke
Google has released a tool devised to detect the USB keystroke injections and then be able to detect devices that sent them.
With easy-to-find keystroke injection tools, they are able to send keystrokes faster while not being the victim. Posted in USB, the keystroke injection attack requires a Personal Device Call.
According to Linux systems, a tool announced by Google this week measures the time of incoming keys in an attempt to determine if this attack is based on a predefined description, without the user being involved.
There are two methods to use, known as MONITOR and HARDENING. In the previous mode, it will not prevent devices that have been classified as corrupt, but will write details about them to get back to syslog. In storage mode, the tool immediately blocks devices classified as malicious / invasive.
USB Keystroke Injection Protection comes with HARDENING mode pre-enabled and is accessible on GitHub, where a guide is available to provide information on how to get it up and running with system daemon enabled in the reboot.
Google stated that an attacker can still gain access to a user’s machine which can do much worse if the machine is left unlocked despite the tool’s functionality.
The solution is designed as an additional layer of protection by allowing users to see attacks occur, as keys are marked or slow enough to slow down the tool’s thinking, or occur quickly enough to detect the tool.
Google also stated that the tool can be implemented with other Linux tools like USBGuard, to make successful attacks more difficult. The latter allows users to define policies and allow / block specific USB devices or blocking their devices.