Document Type
Conference Proceeding
Source of Publication
Proceedings of the 9th International Conference on Information Systems Security and Privacy
Publication Date
1-1-2023
Abstract
Universal Serial Bus (USB) enabled devices act as trusted tools for data interchange, interface, and storage for computer systems through Human Interface Devices (HID), namely the keyboard, mouse, headphone, storage media and peripherals that use the USB port. However, with billions of USB enabled devices currently in use today, the attacker’s potential to seamlessly leverage these devices to perform malicious activities by bypassing security layers presents a serious risk to systems administrators. The paper thus presents a comprehensive review of the multiple attacks that can be leveraged using USB devices and the corresponding vulnerabilities, including countermeasures. This is followed by the demonstration of five attacks to validate the threat and the associated vulnerabilities by bypassing four security layers, namely (1) two server operating system (OS) controls, (2) one group policy control, and (3) antivirus. The attack was performed by plugging in a USB that is connected with the Arduino Micro board to install three differently crafted pieces of malware onto the victim machine (Windows Server 2012). As a result, the Arduino device that has been programmed to act like a Human Interaction Device (HID) was able to bypass all four layers successfully, with execution on the first three layers. The attack-vulnerability theoretical model, the demonstration of the five attacks, and the subsequent analysis of the attacks provide academics with multiple domains (countermeasures) for further research, and enable practitioners to focus on critical IT controls.
DOI Link
ISBN
978-989-758-624-8
Publisher
SCITEPRESS - Science and Technology Publications
First Page
501
Last Page
508
Disciplines
Computer Sciences
Keywords
Arduino, USB, HID, Administrative, Controls, Bypass, Payload
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Recommended Citation
Nicho, Mathew and Sabry, Ibrahim, "Bypassing Multiple Security Layers Using Malicious USB Human Interface Device" (2023). All Works. 5750.
https://zuscholars.zu.ac.ae/works/5750
Indexed in Scopus
no
Open Access
yes
Open Access Type
Hybrid: This publication is openly available in a subscription-based journal/series