Advertisement

A Survey of Malicious HID Devices

  • Songyin Zhao
  • Xu An WangEmail author
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 97)

Abstract

As an interface between human and computers, human interface device is supported by most computer systems. On behalf of user, HID devices can complete many operations including many sensitive operations with high authority. Exploiting this feature, attackers have designed and produced many malicious HID devices, imitating the user’s control. Meanwhile, most systems neglect to consider this security issue, posing great challenges to information security. In this regard, this paper reviews the development of malicious HID devices with analysis of technologies used. According to the technical characteristics, these devices are classified into three categories: pure HID devices, composite devices with HID interface, malicious devices with wireless communication capabilities. Furthermore, this paper discusses the challenges and opportunities of related research.

Notes

Acknowledgements

This work is supported by the National Key Research and Development Program of China Under Grants No. 2017YFB0802000, National Cryptography Development Fund of China Under Grants No. MMJJ20170112, the Natural Science Basic Research Plan in Shaanxi Province of china (Grant Nos. 2018JM6028), National Nature Science Foundation of China (Grant Nos. 61772550, 61572521, U1636114, 61402531), Engineering University of PAP’s Funding for Scientific Research Innovation Team (grant no. KYTD201805).

References

  1. 1.
    Nohl, K., Lell, J.: BadUSB-on accessories that turn evil. Black Hat USA 1, 9 (2014)Google Scholar
  2. 2.
    Nissim, N., Yahalom, R., Elovici, Y.: USB-based attacks. Comput. Secur. 70, 675–688 (2017)CrossRefGoogle Scholar
  3. 3.
  4. 4.
    Clark, J., Leblanc, S., Knight, S.: Compromise through USB-based hardware trojan horse device. Future Gener. Comput. Syst. 27(5), 555–563 (2011)CrossRefGoogle Scholar
  5. 5.
    Universal Serial Bus Specification Reversion 2.0 (2000). http://www.usb.org
  6. 6.
    Programmable HID USB keystroke dongle: using the teensy as a pen testing device. http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle
  7. 7.
  8. 8.
    Teensy USB Development Board – PJRC. https://www.pjrc.com/teensy/
  9. 9.
    Pisani, J., Carugati, P., Rushing, R.: USB-HID hacker interface design. BlackHat Briefings, July 2010Google Scholar
  10. 10.
    Social-Engineer Toolkit v0.6.1 Teensy USB HID Attack Vector – TrustedSec. https://www.trustedsec.com/2010/08/social-engineer-toolkit-v0-6-1-teensy-usb-hid-attack-vector/
  11. 11.
  12. 12.
    Tzokatziou, G., Maglaras, L.A., Janicke, H., He, Y.: Exploiting SCADA vulnerabilities using a human interface device. Int. J. Adv. Comput. Sci. Appl. 234–241 (2015)Google Scholar
  13. 13.
    Kamkar, S.: USBdriveby: exploiting USB in style. http://samy.pl/usbdriveby/
  14. 14.
  15. 15.
    Digispark USB Development Board – Digistump. http://digistump.com/products/1
  16. 16.
    A smaller, cost-reduced digispark (<$1) – Digistump. https://digistump.com/board/index.php?topic=1025.0
  17. 17.
    GitHub - mame82/duck2spark. https://github.com/mame82/duck2spark
  18. 18.
    HIDden gem: Low-cost Digispark USB now quacks DuckyScript | Nixu Cybersecurity. https://www.nixu.com/blog/hidden-gem-low-cost-digispark-usb-now-quacks-duckyscript
  19. 19.
    Clark, J., Leblanc, S., Knight, S.: Risks associated with USB hardware trojan devices used by insiders. In: 2011 IEEE International Systems Conference, pp. 201–208. IEEE (2011)Google Scholar
  20. 20.
    Maskiewicz, J., Ellis, B., Mouradian, J., Shacham, H.: Mouse trap: exploiting firmware updates in USB peripherals. In: 8th USENIX Workshop on Offensive Technologies WOOT 2014 (2014)Google Scholar
  21. 21.
  22. 22.
    Elkins, M.: Hacking with hardware: introducing the universal RF USB keyboard emulation device: URFUKED (2010)Google Scholar
  23. 23.
    NSA Playset: USB Tools [ShmooCon 2015]. https://www.youtube.com/watch?v=uDPxa5tcdnI
  24. 24.
  25. 25.
  26. 26.
    USBHarpoon a look-like charging cable that can hack into your computer Security Affairs. https://securityaffairs.co/wordpress/75644/hacking/usbharpoon-attack.html
  27. 27.
  28. 28.
    GitHub - mame82/P4wnP1. https://github.com/mame82/P4wnP1
  29. 29.
    GitHub - mame82/P4wnP1_aloa. https://github.com/mame82/P4wnP1_aloa
  30. 30.

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Engineering University of PAPXi’anChina

Personalised recommendations