Bypassing Multiple Security Layers Using Malicious USB Human Interface Device

Mathew Nicho, Ibrahim Sabry

2023

Abstract

Universal Serial Bus (USB) enabled devices act as trusted tools for data interchange, interface, and storage for computer systems through Human Interface Devices (HID), namely the keyboard, mouse, headphone, storage media and peripherals that use the USB port. However, with billions of USB enabled devices in use today, an attacker's potential to seamlessly leverage such a device to perform malicious activities by bypassing security layers presents a serious risk to systems administrators. The paper thus presents a comprehensive review of the multiple attacks that can be leveraged using USB devices and the corresponding vulnerabilities, including countermeasures. This is followed by the demonstration of five attacks to validate the threat and the associated vulnerabilities by bypassing four security layers, namely (1) two server operating system (OS) controls, (2) one group policy control, and (3) antivirus. The attack was performed by plugging in a USB that is connected with the Arduino Micro board to install three differently crafted malwares on the victim machine (Windows Server 2012). As a result, the Arduino device, programmed to act like a Human Interface Device (HID), was able to bypass all four layers successfully, with execution on the first three layers. The attack-vulnerability theoretical model, the demonstration of the five attacks, and the subsequent analysis of the attacks provide academics with multiple domains (countermeasures) for further research, and direct practitioners to focus on critical IT controls.


Paper Citation


in Harvard Style

Nicho M. and Sabry I. (2023). Bypassing Multiple Security Layers Using Malicious USB Human Interface Device. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 501-508. DOI: 10.5220/0011677100003405


in Bibtex Style

@conference{icissp23,
author={Mathew Nicho and Ibrahim Sabry},
title={Bypassing Multiple Security Layers Using Malicious USB Human Interface Device},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2023},
pages={501-508},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011677100003405},
isbn={978-989-758-624-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Bypassing Multiple Security Layers Using Malicious USB Human Interface Device
SN - 978-989-758-624-8
AU - Nicho M.
AU - Sabry I.
PY - 2023
SP - 501
EP - 508
DO - 10.5220/0011677100003405