What coding practices can help detect unauthorized removable devices connected to a system?

+1 vote
I’m looking to add functionality to detect when unauthorized USB or other removable devices are connected to a system. Are there coding methods or libraries that can help monitor for these connections and alert if an unauthorized device is detected?

Any guidance on techniques for monitoring hardware connections or tools specifically geared for USB security in software would be useful.
Nov 6, 2024 in Cyber Security & Ethical Hacking by Anupam
• 18,970 points
457 views

1 answer to this question.

+1 vote

In order to detect unauthorized removable devices connected to a system, you can implement the following coding practices and techniques:

1. Monitor System Logs for Device Events

• On Linux, you can use dmesg or udevadm to detect when devices are connected or removed.

dmesg | grep -i "usb"

• On Windows, monitor the Device Manager or Windows Event Log to track USB insertions.

2. Use Platform-Specific Libraries

• For Windows, use the Windows Management Instrumentation (WMI) to detect hardware changes.

const wmi = require('node-wmi');
wmi.Query({
  class: 'Win32_USBHub'
}, (err, res) => {
  if (err) throw err;
  console.log(res);  // List of USB devices
});

• For Linux, use udev or libusb to query connected devices.

const udev = require('udev');
const monitor = udev.monitor();  // Event emitter for udev device events
monitor.on('add', (device) => {
  console.log('Device added:', device);
});

3. Identify and Whitelist Authorized Devices

• Track device identifiers like vendor ID (VID) and product ID (PID) for authorized devices.
• Compare connected devices against a predefined list of authorized IDs, alerting if an unrecognized device is connected.

const authorizedDevices = [
  { vendorId: '1234', productId: '5678' } // Authorized device
];
// Check connected devices
const connectedDevices = getConnectedDevices();  // Custom function to list connected devices
connectedDevices.forEach(device => {
  if (!authorizedDevices.some(authorized => 
    authorized.vendorId === device.vendorId && 
    authorized.productId === device.productId)) {
    console.warn('Unauthorized device detected');  // alert() is not defined in Node.js
  }
});

4. Implement Device Ejection

• If an unauthorized device is detected, automatically eject or lock the device.
• On Linux, you can use udisksctl to unmount the device.

udisksctl unmount --block-device /dev/sdb

• On Windows, use WMI or Devcon to disable the device.

devcon disable "USB\VID_1234&PID_5678"

5. Monitor USB Device Events in Real-Time

Use libusb for real-time USB device monitoring. This allows your application to detect when USB devices are plugged in or removed.

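#include <stdio.h>
#include <libusb-1.0/libusb.h>
int main(void) {
  if (libusb_init(NULL) != 0) return 1;
  /* Returns NULL when no device with this VID/PID is present or it cannot be opened */
  libusb_device_handle *handle = libusb_open_device_with_vid_pid(NULL, 0x1234, 0x5678);
  if (handle == NULL) {
    printf("Authorized device 1234:5678 is not connected.\n");
  } else {
    libusb_close(handle);
  }
  libusb_exit(NULL);
  return 0;
}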
answered Nov 7, 2024 by CaLLmeDaDDY
• 31,260 points
Real-time USB monitoring using libusb is practical. Including a note about potential performance implications when continuously monitoring USB events would help developers plan better resource usage.
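
Steps 1 and 3 of the answer combined, as an added example that is not part of the original answer: it parses the kernel's USB enumeration lines (as shown by dmesg) and checks each device against an allowlist that can also pin a serial number, since every unit of a model shares the same VID/PID. The function names, verdict labels and sample log lines are constructed for illustration.

```javascript
// Constructed sample of Linux kernel log lines (USB core enumeration messages).
const SAMPLE_DMESG = `
[  101.250000] usb 1-2: New USB device found, idVendor=1234, idProduct=5678, bcdDevice= 1.00
[  101.250100] usb 1-2: SerialNumber: AAAA0001
[  150.000000] usb 1-2: USB disconnect, device number 4
[  205.400000] usb 1-2: New USB device found, idVendor=1234, idProduct=5678, bcdDevice= 1.00
[  205.400100] usb 1-2: SerialNumber: ZZZZ9999
[  310.000000] usb 2-1: New USB device found, idVendor=0abc, idProduct=0001, bcdDevice= 2.00
`;

// Hypothetical allowlist: serial is optional; when present it must match exactly.
const ALLOWLIST = [{ vendorId: '1234', productId: '5678', serial: 'AAAA0001' }];

// Turn log text into one record per enumeration event. A port (e.g. "1-2") can be
// reused after a disconnect, so each "New USB device found" line starts a new record.
function parseUsbEvents(log) {
  const events = [];
  const current = new Map(); // port -> most recent record on that port
  for (const line of log.split('\n')) {
    let m = line.match(/usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})/i);
    if (m) {
      const rec = { port: m[1], vendorId: m[2].toLowerCase(), productId: m[3].toLowerCase(), serial: null };
      events.push(rec);
      current.set(m[1], rec);
      continue;
    }
    m = line.match(/usb (\S+): SerialNumber: (.+)$/);
    if (m && current.has(m[1])) current.get(m[1]).serial = m[2].trim();
  }
  return events;
}

// Verdicts: 'authorized', 'serial-mismatch' (known model, wrong or missing serial),
// or 'unknown-model' (VID/PID not on the list at all).
function classify(device, allowlist) {
  const sameModel = allowlist.filter(a =>
    a.vendorId.toLowerCase() === device.vendorId && a.productId.toLowerCase() === device.productId);
  if (sameModel.length === 0) return 'unknown-model';
  return sameModel.some(a => !a.serial || a.serial === device.serial) ? 'authorized' : 'serial-mismatch';
}

function findUnauthorized(log, allowlist) {
  return parseUsbEvents(log)
    .map(d => ({ ...d, verdict: classify(d, allowlist) }))
    .filter(d => d.verdict !== 'authorized');
}

for (const d of findUnauthorized(SAMPLE_DMESG, ALLOWLIST)) {
  console.warn(`ALERT ${d.verdict}: ${d.vendorId}:${d.productId} serial=${d.serial} on port ${d.port}`);
}
```

Descriptor values, including the serial number, are reported by the device itself, so a match is an inventory check rather than proof of identity.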
