With keystroke injection devices that are readily available, they can send incredibly fast keystrokes while being invisible to the victim effectively. Keystroke injection attacks are delivered via USB and involve a Human Interface System Driver. The tool released by Google this week, intended for Linux systems, tests the timing of incoming keystrokes to decide if this is an attack based on predefined heuristics, without affecting the user. There are two modes of operation, namely, MONITOR and HARDENING. It does not block devices labeled as malicious formerly but will write information on them to syslog. However, in the latter mode, the tool automatically blocks devices that are marked as malicious/attacking. USB Keystroke Injection Security ships with HARDENING mode allowed by default and available in open source on GitHub, where a step-by-step guide offers instructions on how to get up and run the systemd daemon enabled at reboot. The solution is designed as an added layer of protection by letting users see the attack happening, as the keystrokes are either delayed enough to circumvent the tool’s logic or happen fast enough to be detected by the tool.
