Prevention of code injection from Human Interface Device (HID)

Authors

  • Rajeshree Khande, Ms. Sheetal Rajapurkar, Anant Dubey, Pranay Varade, Paresh Mahajan

Keywords:

HID (Human Interface Device), USB (Universal Serial Bus), Bad USB, RubberDucky, DuckyScript, Keypress Injection, System Security.

Abstract

Human Interface Devices (HIDs) are devices that humans use to interact with computer systems, usually through the Universal Serial Bus (USB). HIDs can be a mouse, a keyboard, or anything that can be connected to the computer system. USB ports are a common medium for information exchange, which increases the usage of USB devices and ultimately increases the vulnerability of the system. Attacks such as code injection use this weakness in USB to open a backdoor into the host system. In these attacks, attackers almost always try to modify the firmware of USB devices and launch keypress injection attacks to introduce malicious scripts into the system. For example, an attacker can inject a script that downloads malicious software from the internet without the victim's knowledge, and this can be done within a few seconds. The only thing the attacker has to do is plug the malicious USB device into the host system, which detects it as a regular HID device. The malicious USB device starts injecting scripts on the host system within a few seconds. Because these attacks complete within seconds, the malicious script must send keypresses rapidly; preventing this fast keypress activity can stop the script before it completes. This paper proposes software that continuously monitors user keypress activity and, as soon as it detects a sudden spike in keypress speed, temporarily blocks further keypresses and asks for identification by prompting a password window. The event is logged in the system, where the actual user of the system can see it. With this mechanism, these kinds of attacks can be prevented.
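
The monitor-block-prompt-log loop described in the abstract can be sketched as follows. This is an added example, not the authors' software: the class and function names, the threshold of 12 keys per 250 ms, and the timestamp streams are all assumptions constructed for illustration.

```python
from collections import deque

class KeypressRateMonitor:
    """Blocks input when too many keypresses arrive inside a short window."""

    def __init__(self, max_keys=12, window_s=0.25):
        # Assumed thresholds: more than 12 keys in 250 ms (~48 keys/s) is
        # well above sustained human typing; tune per deployment.
        self.max_keys = max_keys
        self.window_s = window_s
        self.recent = deque()   # timestamps of recently accepted keypresses
        self.locked = False
        self.log = []           # (timestamp, message) audit entries

    def on_keypress(self, ts):
        """Return True if the keypress may reach the host, False if dropped."""
        if self.locked:
            return False
        self.recent.append(ts)
        # Discard timestamps that have fallen out of the sliding window.
        while self.recent and ts - self.recent[0] > self.window_s:
            self.recent.popleft()
        if len(self.recent) > self.max_keys:
            self.locked = True
            self.log.append((ts, f"burst of {len(self.recent)} keys in "
                                 f"{self.window_s}s; input blocked"))
            self.recent.clear()
            return False
        return True

    def unlock(self, ts, password_ok):
        """Called by the password prompt; only a correct password resumes input."""
        self.log.append((ts, "unlock " + ("accepted" if password_ok else "rejected")))
        if password_ok:
            self.locked = False
        return not self.locked

def replay(timestamps, monitor):
    """Feed a timestamp stream through the monitor; return keys delivered."""
    return sum(monitor.on_keypress(ts) for ts in timestamps)

# Constructed sample input: 20 human keys at 150 ms, then 200 injected keys at 2 ms.
HUMAN = [i * 0.150 for i in range(20)]
INJECTED = [HUMAN[-1] + 1.0 + i * 0.002 for i in range(200)]

if __name__ == "__main__":
    m = KeypressRateMonitor()
    print(replay(HUMAN, m), replay(INJECTED, m), m.log)
```

With these values the first 12 injected keypresses are delivered before the block engages, so the threshold bounds how much of a script reaches the host; a lower `max_keys` shrinks that prefix at the cost of more prompts for fast typists.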

 

Published

2023-04-03

How to Cite

Rajeshree Khande, Ms. Sheetal Rajapurkar, Anant Dubey, Pranay Varade, Paresh Mahajan. (2023). Prevention of code injection from Human Interface Device (HID). SJIS-P, 35(1), 699–706. Retrieved from http://sjis.scandinavian-iris.org/index.php/sjis/article/view/382

Section

Articles