Universal serial bus based software attacks and protection solutions

Information security risks associated with Universal Serial Bus (USB) storage devices have been serious issues since 2003, which marked the wide adoption of USB technologies in the computing industry, especially in corporate networks. Due to the insecure design and the open standards of USB technologies, attackers have successfully exploited various vulnerabilities in USB protocols, USB embedded security software, USB drivers, and Windows Autoplay features to launch various software attacks against host computers and USB devices. The purposes of this paper are: (i) to provide an investigation on the currently identified USB based software attacks on host computers and USB storage devices, (ii) to identify the technology enablers of the attacks, and (iii) to form taxonomy of attacks. The results show that a multilayered security solution framework involving software implementations at the User Mode layer in the operating systems can help eliminate the root cause of the problem radically.