USB device monitor tool

Bug #1622323 reported by johnmne
This bug affects 1 person

Affects | Status | Importance | Assigned to | Milestone
usb-discover (Ubuntu) | New | Undecided | Unassigned |

Bug Description

*** This is NOT a bug, but a feature request regarding security. ***
(Don't see any method to add a feature request..)

As a solution to badUSB for *Desktops*, a small piece of software that monitors USB devices on insertion may be used.
The software can utilize the 'udev' functionality of Linux.
This is an extremely useful solution since it may also be applied to Android-based smartphones, because 'udev' is a Linux kernel feature.

The key tenets of the software are as follows:
* The software will automatically block all USB devices until they are specifically allowed by the user.
* The first keyboard & mouse that are connected to the desktop will be automatically allowed.
* Further USB devices will require the permission of the user. A prompt will appear and it will show all the info (=sysfs/USB attributes) about the device that is asking to connect to the PC. Four buttons should exist in the prompt: "Always allow", "Allow once", "Always block", "Block once". Either choice will be saved in a database and could be modified in a control/configuration panel.
* If a device presents itself as a keyboard, while a keyboard is already connected to the PC, then a special bold warning will appear in the prompt - alerting the user about the risk.
* All the info about USB devices that are allowed will be stored in a database. ('info' means sysfs attributes)
* The database has an export/import functionality.

---

How will the software work?
By exploiting the existing 'udev' functionality and running a program whenever a device is connected.
See the general method at the following link:
http://www.irongeek.com/i.php?page=security/plug-and-prey-malicious-usb-devices#3.2_Locking_down_Linux_using_UDEV

An example for a udev file is in the attached text file "udev.rule".

See additional info about 'udev' at:
http://www.reactivated.net/writing_udev_rules.html
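
The policy in the tenets above as an added Python example; it is not code from the bug report or from the usb-discover project. The class and function names, the device dictionaries and their placeholder IDs are assumptions; interfaces are given as sysfs (bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol) triples, and device removal is not modelled.

```python
import json

# Constructed sample devices (placeholder IDs, not real hardware).
KBD = {"idVendor": "aaaa", "idProduct": "0001", "serial": "K1", "interfaces": [("03", "01", "01")]}
MOUSE = {"idVendor": "aaaa", "idProduct": "0002", "serial": "M1", "interfaces": [("03", "01", "02")]}
STICK = {"idVendor": "bbbb", "idProduct": "0001", "serial": "S1", "interfaces": [("08", "06", "50")]}
# Storage device that also exposes a keyboard interface (the badUSB pattern).
ROGUE = {"idVendor": "cccc", "idProduct": "0003", "serial": "R1",
         "interfaces": [("08", "06", "50"), ("03", "01", "01")]}

def roles(dev):
    """Classify every interface. Assumption: only HID boot keyboards/mice are recognised."""
    names = {("03", "01", "01"): "keyboard", ("03", "01", "02"): "mouse"}
    return {names.get(tuple(i), "other") for i in dev["interfaces"]}

def key(dev):
    # Database identity; a malicious device can report any of these values.
    return f'{dev["idVendor"]}:{dev["idProduct"]}:{dev.get("serial", "")}'

class UsbPolicy:
    def __init__(self, exported="{}"):
        self.saved = json.loads(exported)  # key -> "allow" | "block" ("Always ..." choices)
        self.active = set()                # HID roles already connected and allowed

    def decide(self, dev):
        """Return 'allow', 'block', 'prompt' or 'prompt+keyboard-warning'."""
        r = roles(dev)
        if key(dev) in self.saved:
            verdict = self.saved[key(dev)]
        elif r and r <= {"keyboard", "mouse"} and not r & self.active:
            verdict = "allow"              # first keyboard / first mouse, nothing else on board
        elif "keyboard" in r and "keyboard" in self.active:
            verdict = "prompt+keyboard-warning"
        else:
            verdict = "prompt"             # default: blocked until the user answers
        if verdict == "allow":
            self.active |= r - {"other"}
        return verdict

    def answer(self, dev, choice):
        """Apply a prompt button: 'Always allow', 'Allow once', 'Always block', 'Block once'."""
        allowed = "allow" in choice.lower()
        if "always" in choice.lower():
            self.saved[key(dev)] = "allow" if allowed else "block"
        if allowed:
            self.active |= roles(dev) - {"other"}
        return allowed

    def export(self):
        return json.dumps(self.saved, sort_keys=True)
```

A udev rule would call `decide()` with the attributes of the inserted device; only the "Always ..." answers survive `export()` and re-import through the constructor.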

johnmne (phi-reporter) wrote :

Tyler Hicks (tyhicks) wrote :

Hello and thanks for passing along this idea for a new feature.

I'm going to make the bug public and drop the security tag since there are no existing vulnerabilities reported in this feature request. In addition, I'll add a task for the upstream usb-discover project so that they can weigh in.

Tyler Hicks (tyhicks) wrote :

I was mistaken, the upstream usb-discover project does not track bugs in Launchpad. However, I'll still open this bug up publicly so that it'll get more attention. Thanks again!

information type: Private Security → Public
johnmne (phi-reporter) wrote :

@Tyler Hicks (tyhicks):

I think that the security tag should be returned, because Ubuntu is currently missing protection from the badUSB exploit.
Therefore there is an existing vulnerability in Ubuntu that wasn't attended to for years, see:
https://bugs.launchpad.net/ubuntu/+bug/1393612

(Even Windows protects the user from that exploit!)
