What is USG ?
The USG is a small, portable hardware USB firewall that isolates a potentially harmful device from your computer. It is an USB attachment that allows users to connect USB flash drives and other USB devices to their computer without any of the risks.
Attacks like BadUSB have shown how a rogue device can mimic a benign USB interface, but secretly send malicious low-level commands and take over a computer via its USB port.
Every USB device has its own micro-computer that runs its own firmware. It only takes one malicious USB stick to send a malicious message to your computer to cause damage.
It’s not just computers. And also cars, cash registers, and some ATMs come with USB ports, which can be vulnerable to cyberattacks.
USG works like a firewall for USB connections
New Zealander, Robert Fisk created this device which works as an intermediary between the computer and the USB device (flash drive, USB keyboard, USB mouse).
It runs on custom firmware, only lets data pass, ignoring low-level interactions between the USB device and computer.
Furthermore, USG protection goes both ways. That means you can protect USB flash drives when connecting to unknown computers.
USG prevents BadUSB attacks
BadUSB attacks work because computers inherently trust anything connected via an USB port. If it’s a mouse or a device such as PoisonTap, which can alter DNS settings and dump passwords, the computer behaves the same. It doesn’t care.
USG is created using off-the-shelf development boards. And custom firmware to power these boards and make it work as USB devices, only focusing on data transfer. USG’s firmware is available on Github.
A lot of the noise traffic on USB devices is the firmware negotiating connections and improving data transfer speeds. These things are not included in USG, as they are the attack vectors for BadUSB.
The recently released USG v1.0 only supports a data transfer speed of up to 1 MB/s.
In addition, USG only supports USB mass storage (flash drives), keyboards, and mice. Fisk promises to add support for other types of USB devices in the future.
Buy or make your own USG
Anyone can make their own USG devices using off-the-shelf development boards. But if they don’t have the skills, USG devices are being sold for around $60 + shipping.
Furthermore, USG devices delivered by post have tamper-evident seals placed around the case, so any attempt to reprogram the firmware is visible.
The only downside to USG (by design) is that it doesn’t distinguish between good data and bad data. So, Malware stored on an USB flash drive can pass through USG without any warnings since the malware is just a random blob of data to USG.
For malware attacks, you’ll have to rely on an antivirus.