System administration
LinkorAnd, 2021-01-30 17:08:27

Hacking a computer through a USB mouse with built-in memory. How to protect yourself?

Good afternoon everyone,
In connection with the growing popularity of mice with built-in memory, I set out to protect the computer from hacking.
The essence is very simple: there is a USB mouse, not an ordinary one but one with memory. How can I limit the capabilities of this device when it is connected to a computer, so that the mouse (and potentially dangerous software):
- Could not read any programs and processes on the PC
- Could not transfer files
- Worked like a regular mouse that can only control the cursor on my computer and nothing else.
Moreover, so that all other attempts by the mouse to intervene or read any processes were hard blocked.
Important: I don't want to completely disable USB ports. I want any device with ClassGuid {4d36e96f-e325-11ce-bfc1-08002be10318} to have the capabilities of a regular mouse only, with everything else disabled.

I tried to figure it out through regedit and the Policy Editor, but I didn't succeed.
I will be very grateful for help.

5 answer(s)
15432, 2021-01-30
@LinkorAnd

A badUSB mouse will present itself as another USB device at the right time, so filtering by identifiers will not give you anything.
I can't really picture the hacking scenario that you have invented for yourself. But if you really want to go to the trouble, you can create a hardware filter for USB devices.

ru6ak, 2021-01-30
@ru6ak

https://winitpro.ru/index.php/2015/09/22/otklyuche...
www.oszone.net/5001

CityCat4, 2021-01-30
@CityCat4

Are there already descriptions of attacks, or at least concepts? Or is it just someone's delusional fantasy?

LinkorAnd, 2021-01-30
@LinkorAnd

If anything, I already have a mouse that scans running processes on a PC. If it finds the right match, it turns off. That is, the mouse can already scan, then the question is whether it can make an attack. But I think it's a matter of time.
Moreover, the scanner program was not installed by me :(

Alexey Kharchenko, 2021-01-31
@AVX

How can the mouse itself know how to read something from the computer? The computer is the HOST, and the mouse (or any USB composite device) cannot do anything by itself; it can only be identified as one or several USB devices at once. But then there may be a BadUSB scenario, where the mouse is also a keyboard at the same time, which, for example, presses some keys after being connected and may well start something bad on the computer.
My mouse also appears as a composite device, keyboard + mouse. But in 90% of cases this is due to a sloppy implementation of additional buttons, which are handled by a virtual multimedia keyboard. Kaspersky detects this mouse of mine as BadUSB and shows a picture, requiring me to enter the code from the picture on this virtual keyboard. In fact, it does not press any key combinations or clicks, I tracked this, and it has been working quietly at home under Linux for many years and causes no trouble.
Another scenario is when there are vulnerabilities in the OS, and the flash drive in the mouse (if there is one) holds something that can exploit such a vulnerability. For example, the classic autorun, with the launch of some sequence of commands written into it, such as downloading some file and executing it. You don't even need any external programs for this; the built-in ones are enough, for example ftp, curl, etc. There were holes involving autorun exploitation both in Windows and in Linux under KDE and other shells (but under Linux the user still had to click on the icon himself, and then something would start as that user).
To protect yourself: under Windows you can use the same Kaspersky, it can do this (KES can, from version 8 or so). Or, in the registry, disable the setting that allows the use of USB drives (usbstore), and turn it on manually when needed. It's simple: create two reg files, one to turn it off and the other to turn it on if you suddenly need a flash drive. As for the virtual keyboard in the mouse... I don't know how easy it is to protect yourself without third-party tools.
Under Linux, you can write udev rules that prohibit a certain device, or even a whole class of devices, from working. You would have to google the details; I can't say off the top of my head.
But the right decision is not to plug just anything into your computer! Bought a mouse, checked it, it works as it should: let it work. If it is identified as a composite device, buy another one if you are completely paranoid, or else test it too and, if everything is OK, let it work.
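
An added example, not part of the original answer: a Python sketch of the "check whether the mouse shows up as a composite device" step, classifying each interface by the standard USB class codes and reading the Linux sysfs `bInterface*` attributes when they are present. The function names and the sample descriptors are constructed for illustration.

```python
from pathlib import Path

# USB-IF class codes: 0x03 = HID, 0x08 = mass storage.
HID, MASS_STORAGE = 0x03, 0x08
BOOT, KEYBOARD, MOUSE = 0x01, 0x01, 0x02   # HID boot subclass and protocols
FIELDS = ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol")


def classify(cls, sub, proto):
    """Name the role of one interface from its class/subclass/protocol triple."""
    if cls == MASS_STORAGE:
        return "storage"
    if cls == HID:
        if sub == BOOT and proto == KEYBOARD:
            return "keyboard"
        if sub == BOOT and proto == MOUSE:
            return "mouse"
        return "hid-other"  # real role is only visible in the HID report descriptor
    return "class-%02x" % cls


def audit(interfaces):
    """Roles a mouse exposes besides 'mouse'; None if it has no boot-mouse interface."""
    roles = {classify(*triple) for triple in interfaces}
    return sorted(roles - {"mouse"}) if "mouse" in roles else None


def read_sysfs(root="/sys/bus/usb/devices"):
    """Map each USB device found in Linux sysfs to its interface triples."""
    base, devices = Path(root), {}
    if not base.is_dir():
        return devices
    for iface in sorted(base.glob("*:*")):      # interface dirs look like '1-2:1.0'
        triple = tuple(int((iface / f).read_text().strip(), 16) for f in FIELDS)
        devices.setdefault(iface.name.split(":")[0], []).append(triple)
    return devices


# Constructed sample descriptors (not captured from real hardware).
SAMPLE = {
    "plain-mouse": [(0x03, 0x01, 0x02)],
    "mouse+media-keys": [(0x03, 0x01, 0x02), (0x03, 0x00, 0x00)],
    "mouse+keyboard+flash": [(0x03, 0x01, 0x02), (0x03, 0x01, 0x01), (0x08, 0x06, 0x50)],
}

if __name__ == "__main__":
    for dev, ifaces in {**SAMPLE, **read_sysfs()}.items():
        extra = audit(ifaces)
        if extra is not None:
            print(dev, "->", extra or "mouse only")
```

The result is a snapshot of what the device declares at that moment; as 15432's answer above points out, a BadUSB device can present itself as another device later, so a clean result is not proof.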
