Won 2nd Place Overall At Hack@WPI 2019
Safe Harbor - What It's All About
As of 2019, there exist 29 different types of USB attacks. Some of the most common include Rubber Duckies (which pose as a keyboard and inject a preloaded keystroke sequence), Bash Bunnies (which deliver penetration testing attacks and IT automation tasks in seconds by emulating combinations of trusted USB devices, such as gigabit Ethernet, serial, flash storage and keyboards), and Evilduinos (which also work by emulating a keyboard/mouse and can send keystrokes/mouse cursor movements to the host according to a preloaded script).
One might think that operating these devices requires a skilled hacker or someone extremely knowledgeable in cyber-attacks. That would be a mistake: obtaining them doesn't even require going to the dark web or using illegal means. A quick Google search and forty bucks later, you can have one delivered, ready to deploy, in a matter of days.
Even though these types of attacks were first seen in 2010, they continue to gain popularity. Since then, they have been an ever-growing problem for society and enterprises alike. Their fan base mostly derives from their ease of access and, more importantly, their speed: they execute commands and deliver payloads in a matter of minutes. This allows the carrier to accomplish the task faster than they arrived. Even cyber specialists use them during penetration testing, and doing so is common practice for most Red Teams.
There are extreme methods to battle these types of attacks. The most effective is to completely disable all ports on the desired machine(s). For extremely sensitive or classified information this is not just a good idea; it is mandated by specific guidelines, for example NIST 800-53 (MP-7). While effective, this extreme method of defense can easily become a nuisance for day-to-day tasks and lead to security fatigue.
So why isn't there a more user-friendly but still secure method or program to safeguard against these types of attacks? What we aspired to create during our stay here at WPI was a new way to monitor and protect the user's ports through multi-layered authentication and a program written in Python, all while keeping in mind Human Computer Interaction (HCI) and the three common factors used for authentication (something you know, something you have, and something you are).
Let me be the first to introduce you to the solution: Safe Harbor. A simple Python script running as a background process, Safe Harbor monitors devices that plug into the host machine. Once a new USB device is detected, Safe Harbor immediately locks the potentially malicious actor out, denying the USB device access to any part of the computer until it receives authentication. The script generates a random five-digit password, then sends an alert to a registered phone, using Twilio, making the user aware that a new device has been plugged into the host machine. The user can then either authenticate the device to the program by texting the five-digit number back to the service, or say that the USB device does not have authorization, keeping it locked out of the host machine. The result is an extremely user-friendly process to protect Personally Identifiable Information (PII) and additional information on the intended machine.
With Safe Harbor, the possibility of an attacker gaining access to your ports significantly decreases, as they would require access to both your phone and your local machine to view and submit the access code (two-factor authentication). Safe Harbor is the future of port safety for everyone.
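
The lock, challenge and reply flow described above can be sketched as a small state machine. This is an added example, not Safe Harbor's own code: the class name, the `send_sms` callable standing in for the Twilio send, the `NO` reply keyword, the expiry and the attempt limit are all assumptions, and USB detection and the actual port blocking are out of scope.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 120  # assumption: the page does not state an expiry
MAX_ATTEMPTS = 3        # assumption: the page does not state a retry limit


class DeviceChallenge:
    """One pending authorization for a newly attached USB device."""

    def __init__(self, device_id, send_sms, now=time.monotonic):
        self.device_id = device_id
        self._now = now
        self._issued_at = now()
        self._attempts = 0
        self.state = "locked"  # locked -> authorized | denied
        # secrets (not random) so a code cannot be predicted from earlier ones
        self._code = f"{secrets.randbelow(100_000):05d}"
        send_sms(f"New USB device {device_id}. Reply {self._code} to allow, NO to deny.")

    def handle_reply(self, body):
        """Apply one inbound SMS reply and return the resulting state."""
        if self.state != "locked":
            return self.state  # the decision is final; late replies change nothing
        reply = body.strip()
        if reply.upper() == "NO":
            self.state = "denied"
        elif self._now() - self._issued_at > CODE_TTL_SECONDS:
            self.state = "denied"  # expired codes fail closed
        elif hmac.compare_digest(reply.encode(), self._code.encode()):
            self.state = "authorized"
        else:
            self._attempts += 1
            if self._attempts >= MAX_ATTEMPTS:
                self.state = "denied"  # cap guessing against a 100,000-code space
        return self.state


def demo():
    """Run the flow with a constructed device ID and an in-memory SMS outbox."""
    outbox = []
    ch = DeviceChallenge("1234:abcd", outbox.append)
    code = outbox[0].split("Reply ")[1][:5]
    wrong = f"{(int(code) + 1) % 100_000:05d}"
    return ch.handle_reply(wrong), ch.handle_reply(code)
```

Calling `demo()` returns `("locked", "authorized")`: one wrong guess leaves the device locked, and the correct code then releases it.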