[Bug 1622323] Re: USB device monitor tool
Tyler Hicks
tyhicks at canonical.com
Thu Sep 15 21:26:33 UTC 2016
I was mistaken, the upstream usb-discover project does not track bugs in
Launchpad. However, I'll still open this bug up publicly so that it'll
get more attention. Thanks again!
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to usb-discover in Ubuntu.
https://bugs.launchpad.net/bugs/1622323
Title:
USB device monitor tool
Status in usb-discover package in Ubuntu:
New
Bug description:
*** This is NOT a bug, but a feature request regarding security. ***
(Don't see any method to add a feature request..)
As a solution to badUSB for *Desktops*, a small piece of software that monitors the USB devices on insertion may be used.
The software can utilize the 'udev' functionality of Linux.
This is an extremely useful solution since it may also be applied to Android-based smartphones, because 'udev' is a Linux kernel feature.
The key tenets of the software are as follows:
* The software will automatically block all USB devices until they are specifically allowed by the user.
* The first keyboard & mouse that are connected to the desktop will be automatically allowed.
* Further USB devices will require the permission of the user. A prompt will appear and it will show all the info (=sysfs/USB attributes) about the device that is asking to connect to the PC. Four buttons should exist in the prompt: "Always allow", "Allow once", "Always block", "Block once". Either choice will be saved in a database and could be modified in a control/configuration panel.
* If a device presents itself as a keyboard, while a keyboard is already connected to the PC, then a special bold warning will appear in the prompt - alerting the user about the risk.
* All the info about USB devices that are allowed will be stored in a database. ('info' means sysfs attributes)
* The database has an export/import functionality.
---
How will the software work?
By exploiting the existing 'udev' functionality and running software whenever a device is connected.
See the general method at the following link:
http://www.irongeek.com/i.php?page=security/plug-and-prey-malicious-usb-devices#3.2_Locking_down_Linux_using_UDEV
An example for a udev file is in the attached text file "udev.rule".
See additional info about 'udev' at:
http://www.reactivated.net/writing_udev_rules.html
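The decision logic that the tenets in the bug description imply, as an added example; it is not code from the report, from usb-discover or from Ubuntu. The class names, the database key (vendor id, product id, serial) and the sample devices are assumptions, only devices exposing nothing but HID keyboard/mouse interfaces qualify for the automatic allow, and removal events are not modelled.

```python
from dataclasses import dataclass, field

HID, KEYBOARD, MOUSE = "03", "01", "02"  # bInterfaceClass / bInterfaceProtocol codes
INPUT = {(HID, KEYBOARD), (HID, MOUSE)}


@dataclass(frozen=True)
class UsbDevice:
    """Constructed stand-in for the sysfs attributes of a newly attached device."""
    id_vendor: str
    id_product: str
    serial: str
    interfaces: tuple  # (bInterfaceClass, bInterfaceProtocol) per interface

    def key(self):
        return (self.id_vendor, self.id_product, self.serial)

    def roles(self):
        return {proto for cls, proto in self.interfaces if (cls, proto) in INPUT}


@dataclass
class Policy:
    db: dict = field(default_factory=dict)     # key -> "allow" | "block" ("always" choices)
    present: set = field(default_factory=set)  # input roles already authorized

    def decide(self, dev):
        """Return (action, warning); action is 'allow', 'block' or 'prompt'."""
        saved = self.db.get(dev.key())
        if saved:
            return self._apply(dev, saved), None
        pure_input = bool(dev.interfaces) and all(i in INPUT for i in dev.interfaces)
        if pure_input and not (dev.roles() & self.present):
            return self._apply(dev, "allow"), None  # first keyboard / first mouse
        warning = None
        if KEYBOARD in dev.roles() and KEYBOARD in self.present:
            warning = "WARNING: device presents a keyboard, but one is already connected"
        return "prompt", warning  # device stays blocked until the user answers

    def answer(self, dev, choice):
        """Record one of the four prompt buttons, e.g. 'Always allow' or 'Block once'."""
        words = choice.lower().split()
        action = "allow" if "allow" in words else "block"
        if "always" in words:
            self.db[dev.key()] = action
        return self._apply(dev, action)

    def _apply(self, dev, action):
        # A real tool would enforce this through the device's sysfs 'authorized' attribute.
        if action == "allow":
            self.present |= dev.roles()
        return action
```

The database key is built from attributes the device reports about itself, so an "Always allow" entry records a claimed identity rather than a verified one.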