+19109200350
info@tpidg.us

USG v1.0 USB Firewall Review | NSC #34

USG

USB is a Problem

For a long time, USB has had many issues with how inherently insecure it is. This is mostly due to the amount of trust our computers give to USB devices. Plug-n-play insures that when we plug in a USB device, device drivers will be installed and the device will just work. Devices like the SyncStop are great because they physically disconnect the data pins and allow the USB device to charge without fear of something malicious happening to your device as it’s charging.

One uneducated employee could plug in a thumb drive he found on the ground and completely take down an entire company’s infrastructure. With USB devices having the ability to be this dangerous, almost everyone bans the use of them, which is the only thing they can do. It makes life difficult when you need to charge your phone or transfer some files between computers. In fact, in most jobs, it’s a fire-able offense to plug a USB device into a company owned computer.

What’s The Solution? The USG.

USG

In comes the USG USB Firewall, a device created in New Zealand by Globtron Developments Limited. They bring a much needed solution to this growing USB issue we have all throughout the world. The USG is a USB hardware firewall that prevents many common USB attacks by sitting in-between your computer and a USB device. It’s name is a play on words, changing USBad to USGood making clear it’s intentions already. The USG is similar in operation to the SyncStop, but allows data to pass through. Sounds dangerous right? No. The USG has two separate microprocessors on each end of the device that are connected via a serial link. The USG limits what can and cannot pass through the serial link to the other microprocessor.

Internal diagram of the USG

As always, a hardware solution is better then any software solution. In the case of the USG, it utilizes two separate, physical chips on the device. The USG currently only supports mass storage devices with 512 byte sectors and a max size of 2 TB, mice with four buttons and a scroll wheel, and 101 key keyboards. If your device is not supported, it is indicated by flashing lights on the USG. As far as transfer speeds, it runs USB v1.0 so transfer speed are quite slow, but it’s worth transferring files slowly and safely, rather than loose and fast. You will still be able to use USB v3.0 devices with the USG, as USB is backwards compatible with the older versions.

Types of Attacks Prevented with the USG

The USG has some very good rules in place that protect your computer against three major categories of attacks.

Type 1 Attacks

Type 1 attacks consist of low level driver exploits. The USG only allows a certain amount of predefined rules through to your computer. If an attacker tried to send something malicious, it wouldn’t pass through. This type of attack would require a sophisticated attacker, but is definitely possible.

Type 2 Attacks

Type 2 attacks consist of class changes after a device has been plugged in. A flash drive should not be able to switch to being a keyboard whenever it feels like it. The USG makes sure that if you plug in a flash drive, it stays a flash drive. It also prevents one device from being in two classes at once (ie. A flash drive and keyboard). In simpler terms, think of an Android phone and how it can switch between charging and data transfer. This would not be possible when plugged into the USG.

Type 3 Attacks

Type 3 attacks are under development, but would consist of predefined rules based on the device you plug in. For instance, if you plug in a flash drive, one of the rules could be a limit on the amount of data that can be transferred in one session. You could also set all flash drives to be read only, so an infected computer couldn’t exfiltrate data onto your flash drive (this is currently an open issue on Github). If you plug in a keyboard, you could have a rule that limits the amount of keys per second. This would prevent the dreaded keystroke injection attack made famous by the USB Rubber Ducky.

It seems that this device is going to be a must if we keep heading in the same direction with USB. There are a massive amount of ways USB can be compromised today. There is definitely a ton of potential for this device and we look forward to seeing future features added.

Check out our review of the Armadillo USB Firewall, the USG’s big brother.

 

Leave a Reply

Your email address will not be published. Required fields are marked *