What coding practices can help detect unauthorized removable devices connected to a system

+1 vote
I’m looking to add functionality to detect when unauthorized USB or other removable devices are connected to a system. Are there coding methods or libraries that can help monitor for these connections and alert if an unauthorized device is detected?

Any guidance on techniques for monitoring hardware connections or tools specifically geared for USB security in software would be useful.
Nov 6 in Cyber Security & Ethical Hacking by Anupam
• 6,570 points
35 views

1 answer to this question.

+1 vote

In order to detect unauthorized removable devices connected to a system, you can implement the following coding practices and techniques:

1. Monitor System Logs for Device Events

• On Linux, you can use dmesg or udevadm to detect when devices are connected or removed.

dmesg | grep -i "usb"

• On Windows, monitor the Device Manager or Windows Event Log to track USB insertions.

2. Use Platform-Specific Libraries

• For Windows, use the Windows Management Instrumentation (WMI) to detect hardware changes.

const wmi = require('node-wmi');
wmi.Query({
  class: 'Win32_USBHub'
}, (err, res) => {
  if (err) throw err;
  console.log(res);  // List of USB devices
});

• For Linux, use udev or libusb to query connected devices.

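const udev = require('udev');
// Events are emitted by a monitor object, not by the module itself
const monitor = udev.monitor();
monitor.on('add', (device) => {
  console.log('Device added:', device);
});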

3. Identify and Whitelist Authorized Devices

• Track device identifiers like vendor ID (VID) and product ID (PID) for authorized devices.
• Compare connected devices against a predefined list of authorized IDs, alerting if an unrecognized device is connected.

const authorizedDevices = [
  { vendorId: '1234', productId: '5678' } // Authorized device
];
// Check connected devices
const connectedDevices = getConnectedDevices();  // Custom function (not defined here) that lists connected devices
connectedDevices.forEach(device => {
  const isAuthorized = authorizedDevices.some(authorized =>
    authorized.vendorId === device.vendorId &&
    authorized.productId === device.productId);
  if (!isAuthorized) {
    // alert() exists only in browsers; log the alert when running under Node.js
    console.warn(`Unauthorized device detected: ${device.vendorId}:${device.productId}`);
  }
});

4. Implement Device Ejection

• If an unauthorized device is detected, automatically eject or lock the device.
• On Linux, you can use udisksctl to unmount the device.

udisksctl unmount --block-device /dev/sdb

• On Windows, use WMI or Devcon to disable the device.

devcon disable "USB\VID_1234&PID_5678"

5. Monitor USB Device Events in Real-Time

Use libusb for real-time USB device monitoring. This allows your application to detect when USB devices are plugged in or removed.

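#include <stdio.h>
#include <libusb-1.0/libusb.h>
int main(void) {
  if (libusb_init(NULL) != 0) return 1;
  /* One-shot check: NULL means no device with this VID:PID is present, or it could not be opened */
  libusb_device_handle *handle = libusb_open_device_with_vid_pid(NULL, 0x1234, 0x5678);
  if (handle == NULL) {
    printf("Device 1234:5678 not found or not accessible.\n");
  } else {
    libusb_close(handle);
  }
  libusb_exit(NULL);
  return 0;
}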
answered Nov 7 by CaLLmeDaDDY
• 9,420 points
Real-time USB monitoring using libusb is practical. Including a note about potential performance implications when continuously monitoring USB events would help developers plan better resource usage.
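
An added example (not part of the original answer) that combines steps 1 and 3: it parses text in the format printed by `udevadm monitor --udev --property` and reports newly added USB devices that are not on an allowlist. The allowlist entries, the optional `serial` field, the `mkEvent` helper and the sample events are all constructed assumptions.

```javascript
// Added example: allowlist check over `udevadm monitor --udev --property` style output.
// VID:PID identifies a device model, not one unit; `serial` (optional) pins a single unit.
const ALLOWLIST = [
  { vendorId: '1234', productId: '5678' },                     // any unit of this model
  { vendorId: '0ABC', productId: '0001', serial: 'KEY-0042' }  // one specific unit
];

// Split monitor output into one KEY=VALUE object per event (events are blank-line separated).
function parseEvents(text) {
  return text.split(/\n\s*\n/).map(block => {
    const props = {};
    for (const line of block.split('\n')) {
      const m = /^([A-Z0-9_]+)=(.*)$/.exec(line.trim());
      if (m) props[m[1]] = m[2];   // header lines such as "UDEV [..] add ..." are skipped
    }
    return props;
  }).filter(p => p.ACTION);
}

// Normalise IDs so '0ABC', '0x0abc' and '0abc' compare equal; a missing ID becomes '0000'.
const norm = id => String(id || '').toLowerCase().replace(/^0x/, '').padStart(4, '0');

function isAuthorized(ev, allowlist) {
  return allowlist.some(a =>
    norm(a.vendorId) === norm(ev.ID_VENDOR_ID) &&
    norm(a.productId) === norm(ev.ID_MODEL_ID) &&
    (a.serial === undefined || a.serial === ev.ID_SERIAL_SHORT));
}

// One alert per newly added USB device (not per interface) that is not on the allowlist.
function findUnauthorized(text, allowlist = ALLOWLIST) {
  return parseEvents(text)
    .filter(ev => ev.ACTION === 'add' && ev.SUBSYSTEM === 'usb' && ev.DEVTYPE === 'usb_device')
    .filter(ev => !isAuthorized(ev, allowlist))
    .map(ev => ({ vid: norm(ev.ID_VENDOR_ID), pid: norm(ev.ID_MODEL_ID),
                  serial: ev.ID_SERIAL_SHORT || null, devpath: ev.DEVPATH }));
}

// Constructed sample events (not captured from a real system).
const mkEvent = (action, devtype, vid, pid, serial) =>
  [`UDEV  [100.0] ${action} /devices/constructed (usb)`, `ACTION=${action}`, 'SUBSYSTEM=usb',
   `DEVTYPE=${devtype}`, `DEVPATH=/devices/constructed/${vid}-${pid}`,
   `ID_VENDOR_ID=${vid}`, `ID_MODEL_ID=${pid}`, `ID_SERIAL_SHORT=${serial}`].join('\n');
const SAMPLE = [
  mkEvent('add', 'usb_device', '1234', '5678', 'A1'),           // allowed model
  mkEvent('add', 'usb_device', '0abc', '0001', 'KEY-0042'),     // allowed unit
  mkEvent('add', 'usb_device', '0abc', '0001', 'KEY-9999'),     // same model, wrong serial
  mkEvent('add', 'usb_device', '0951', '1666', 'X9'),           // unknown model
  mkEvent('add', 'usb_interface', '0951', '1666', 'X9'),        // interface event, ignored
  mkEvent('remove', 'usb_device', '0951', '1666', 'X9')         // removal, ignored
].join('\n\n');
console.log(findUnauthorized(SAMPLE));
```

On a live Linux host the same text can be read from the standard output of `udevadm monitor --udev --property --subsystem-match=usb` and passed to `findUnauthorized` one event block at a time.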
