Remove Security Issues From Untrusted USB Connections

USB has become pretty “universal” nowadays, handling everything from high-speed data transfer to charging phones. There are even USB-powered lava lamps. This ubiquity doesn’t come without some costs, though. There have been many attacks on smartphones and computers which exploit the fact that USB is found pretty much everywhere, and if you want to avoid these attacks you can either give up using USB or do what [Jason] did and block the data lines on the USB port.

USB typically uses four wires: two for power and two for data. If you simply disconnect the data lines, though, the peripheral can’t negotiate with the host for more power and will limp along at 0.5 watts. However, [Jason] discovered that this negotiation takes place at a much lower data rate than normal data transfer, and was able to put a type of filter in between the host and the peripheral. The filter allows the low-frequency data transfer pass through but when a high-frequency data transfer occurs the filter blocks the communication.

[Jason] now has a device that can allow his peripherals to charge at the increased rate without having to worry about untrusted USB ports (at an airport or coffee shop, for example). This simple device could stop things like BadUSB from doing their dirty work, although whether or not it could stop something this nasty is still up in the air.

HIDUINO: Your Arduino is Now A MIDI Interface

[Dimitri Diakopoulos] dropped into our tip line to let us know his HIDUINO project. The HIDUINO is a set of firmware for the ATmega8u2 used in the new revisions of the Arduino  (Uno, and Mega2560 for example).  Once the HIDUINO is loaded your Arduino can show up as any HID compliant device you wish, no extra drivers necessary. This means that using this firmware, music software such as Max, Ableton, Reaktor etc can read and write MIDI directly to/from the Arduino. Currently the project is for direct USB-MIDI communication but could be altered to act as a variety of HID devices.

Flashing the ATmega8u2 with your own device type or name requires a bit of work on the developers part like owning an ISP programmer, soldering header pins to the board, and re-flashing the ATmega8u2 every time you want to load new code into the Arduino. Users without an ISP can still flash HIDUINO using Atmel’s FLIP software (Windows) or the DFU programmer (Mac OS X and Linux) and a precompiled HIDUINO firmware. They still have to solder a jumper on the underside of the board to use the DFU bootloader.

This firmware could certainly benefit anyone building an Arduinome , Joystick, or any variety of devices that users simply want to interface to a PC without additional software.

A guide for ISP flashing can be found at [Dimitri]’s site.

Apple Adjustable Keyboard USB hack


When [Tom] got tired of the large size of his Microsoft Comfort Curve 2000 keyboard, he decided to hack a recently acquired Apple Adjustable Keyboard for use with Windows. After removing the ancient ADB based control board from the Apple keyboard, he was able to map the keys and transplant the Microsoft keyboard’s USB control board into the Apple keyboard. After soldering the control board into the keyboard with old IDE cables, all that was left was to add some diodes to prevent ghost key presses, and the keyboard hack was complete. [Tom] offers a spreadsheet of the results of his key mapping on his site, and while you’re there be sure to check out his other projects, like his DIY Proton Pack that he made for Halloween last year.