This Device Works as a Firewall for Your USB Ports

The USG is a USB attachment that lets users connect USB flash drives and other USB devices to their computer without the risks such connections normally carry.

Attacks like BadUSB have shown how a rogue device can mimic a benign USB interface, but secretly send malicious low-level commands and take over a computer via its USB port.

USG, created by New Zealander Robert Fisk, works as an intermediary between the computer and the USB device (flash drive, USB keyboard, USB mouse) and behaves much like a firewall, inspecting the data that passes through it.

USG, which runs on custom firmware, only lets data pass, ignoring any kind of low-level interactions between the USB device and computer.

Furthermore, USG protection goes both ways, meaning you can use USG to protect USB flash drives when connecting to unknown computers.

BadUSB attacks work because computers inherently trust anything connected via a USB port. Whether it’s a mouse or a device such as PoisonTap, which can alter DNS settings and dump passwords, the computer behaves the same. It doesn’t care.

Fisk says he developed USG after realizing he also couldn’t trust the vendors of USB-based components.

“Do you know who developed your flash drive’s firmware?” Fisk asks. “It’s probably not the company name printed on the packaging.”

“Has the firmware been audited for backdoors and malicious functionality? Can you confirm that the firmware running on your drive hasn’t been maliciously modified during or after manufacture?”

These questions drove him to create USG using off-the-shelf development boards. He then wrote custom firmware to power these boards and make USG work as USB devices should, only focusing on the data transfer, and nothing else. Fisk open-sourced USG’s firmware on GitHub.

Of course, this has its drawbacks. A lot of the noise traffic on USB devices is the firmware negotiating connections and improving data transfer speeds. These things are not included in USG, as they are the attack vectors for BadUSB.

As such, the recently released USG v1.0 only supports a data transfer speed of up to 1 MB/s, far below commercial USB devices, which work in the range of tens of MB/s.

In addition, USG only supports USB mass storage (flash drives), keyboards, and mice, but Fisk promises to add support for other types of USB devices in the future.
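The three supported device types correspond to standard USB interface class codes, so the restriction can be pictured as an allowlist applied to what a device declares about itself. The following is an added example, not code from USG's firmware or from the original article: it walks a USB configuration descriptor and counts interfaces that are neither mass storage nor a boot-protocol keyboard or mouse. The function names are hypothetical and the sample descriptors are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Standard USB descriptor types and interface class codes. */
enum { DT_CONFIG = 0x02, DT_INTERFACE = 0x04 };
enum { CLASS_HID = 0x03, CLASS_MASS_STORAGE = 0x08 };

/* Allow mass storage, plus HID boot-protocol keyboard (1) or mouse (2). */
static int interface_allowed(uint8_t cls, uint8_t sub, uint8_t proto) {
    if (cls == CLASS_MASS_STORAGE) return 1;
    return cls == CLASS_HID && sub == 0x01 && (proto == 0x01 || proto == 0x02);
}

/* Returns the number of interfaces outside the allowlist, or -1 if the
 * descriptor chain is malformed, truncated, or declares no interface. */
int count_disallowed_interfaces(const uint8_t *d, size_t len) {
    if (len < 9 || d[0] < 9 || d[1] != DT_CONFIG) return -1;
    size_t total = (size_t)d[2] | ((size_t)d[3] << 8);  /* wTotalLength, LE */
    if (total < 9 || total > len) return -1;
    int bad = 0, seen = 0;
    size_t off = 0;
    while (off < total) {
        size_t n = d[off];                       /* bLength of this descriptor */
        if (n < 2 || n > total - off) return -1; /* zero-length or overrun */
        if (d[off + 1] == DT_INTERFACE) {
            if (n < 9) return -1;
            seen++;                /* class, subclass, protocol at bytes 5..7 */
            if (!interface_allowed(d[off + 5], d[off + 6], d[off + 7])) bad++;
        }
        off += n;
    }
    return seen ? bad : -1;
}

/* Constructed sample: one mass-storage interface with one bulk endpoint. */
static const uint8_t FLASH_DRIVE[] = {
    0x09, 0x02, 0x19, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x01, 0x08, 0x06, 0x50, 0x00,
    0x07, 0x05, 0x81, 0x02, 0x40, 0x00, 0x00 };
/* Constructed sample: mass storage plus a communications-class interface. */
static const uint8_t COMPOSITE[] = {
    0x09, 0x02, 0x1B, 0x00, 0x02, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x00, 0x08, 0x06, 0x50, 0x00,
    0x09, 0x04, 0x01, 0x00, 0x00, 0x02, 0x02, 0x00, 0x00 };

int main(void) {
    printf("flash drive: %d\n", count_disallowed_interfaces(FLASH_DRIVE, sizeof FLASH_DRIVE));
    printf("composite:   %d\n", count_disallowed_interfaces(COMPOSITE, sizeof COMPOSITE));
    return 0;
}
```

The class codes are declared by the device itself, so a check like this only narrows what a device can present to the host; it says nothing about the data later carried over an allowed interface.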

Fisk says that anyone can make their own USG devices using off-the-shelf development boards, but if they don’t have the skills, he’s also selling USG devices for around $60 + shipping.

“My reputation hinges on the integrity of this project,” Fisk explains. “This includes the integrity of the hardware I am offering for sale. This is why I will never outsource the manufacture of USG hardware to another country.”

“The USG is assembled in New Zealand under my direct supervision, and the firmware is programmed from a secure device by yours truly,” the developer adds. “USG devices delivered by post have tamper-evident seals placed around the case, so any attempt to reprogram the firmware is visible.”

Fisk recommends USG for companies and people who want to protect crucial workstations, or for people who travel a lot and have a USB flash drive they often connect to many untrusted computers.

The only downside to USG (by design) is that it doesn’t distinguish between good data and bad data. Malware stored on a USB flash drive can pass through USG without any warnings, since the malware is just a random blob of data to USG. For malware attacks, you’ll have to rely on an antivirus.