USBSnoop -- Revealing Device Activities via USB Congestions
Davis Ranney, Yufei Wang, A. Adam Ding, Yunsi Fei
TL;DR
The paper identifies a novel congestion-based side-channel on USB hubs that leaks sensitive information to an observer of bus contention. It adapts the PCIe Invisible Probe methodology to USB, demonstrating keystroke recovery and website fingerprinting via hub-level timing. Using Hidden Markov Models and BiLSTM classifiers, it achieves non-trivial accuracy across USB 2.0, USB 3.x, and USB-C configurations, indicating practical risk for real-world users. The work emphasizes the need for new security measures to mitigate these risks, including hardware partitioning, traffic-arbitration changes, and potential USB-IF guidance. It also suggests exploring USB in broader hardware and wireless contexts.
Abstract
The USB protocol has become a ubiquitous standard for connecting peripherals to computers, making its security a critical concern. A recent research study demonstrated the potential to exploit weaknesses in well-established protocols, such as PCIe, and created a side-channel for leaking sensitive information by leveraging congestion within shared interfaces. Drawing inspiration from that study, this project introduces an innovative approach to USB side-channel attacks via congestion. We evaluated the susceptibility of USB devices and hubs to remote profiling and side-channel attacks, identified potential weaknesses within the USB standard, and highlighted the critical need for heightened security and privacy in USB technology. Our findings reveal vulnerabilities within the USB standard that are difficult to mitigate effectively, and they underscore the need for enhanced security measures to protect user privacy in an era increasingly dependent on USB-connected devices.
