usb-canary icon indicating copy to clipboard operation
usb-canary copied to clipboard
verified publisher icon errbufferoverfl

Misleading advertisement

Open jaseg opened this issue 8 years ago • 2 comments

The README sais about usb-canary that its function is to "monitor USB devices", just as its name suggests. However, as far as I can tell it is only monitoring mounted physical partitions.

  • [ ] Feature Request
  • [x] Bug Report

Possible Solution

Clearly document what is monitored, under which conditions alerts will happen and what use this is applied to common threat models.

I would also highly suggest a note pointing out that usb-canary is experimental, early stage software and should absolutely not be relied upon in critical situations.

Context

usb-canary at least on first glance looks like a security tool. For any security tool, clear and precise communication as to its threat model and scope are necessary for it to be used correctly.

An important omission is that currently, usb-canary will not detect one of the most common classes of usb-based attacks, available to anyone: Fake HID-Class keyboard devices. In contrast, properly implemented even a change such as inserting a keylogger could be detected.

jaseg avatar Oct 08 '17 11:10 jaseg

Hi @jaseg,

Thanks for submitting an issue, I am currently re-writing the documentation as you suggested. This should be posted within the next couple of days.

errbufferoverfl avatar Oct 08 '17 22:10 errbufferoverfl

I have added a disclaimer as suggested, once I get more time I will be able to thoroughly document what is monitored, under which conditions. As an added bonus I have removed any reference to this being a security tool.

errbufferoverfl avatar Oct 08 '17 23:10 errbufferoverfl