If you’re a paranoid system admin, [errbufferoverfl] has your back with software that keeps track of whenever someone plugs in or disconnects an USB-based device from a workstation.
Christened USB Canary, [errbufferoverfl’s] tool is written in Python. However, even though Python is cross-platform, USB Canary only works on Linux currently. But, fret not: [errbufferoverfl] is already working on Windows and Mac versions.
Primarily, USB Canary watches USB connectors for any activity and logs anything it sees. Moreover, when a USB device is plugged in or unplugged, USB Canary can alert the owner of the workstation via an SMS message courtesy of the Twilio API, post a message in a Slack channel or even make a noise to alert a nearby sysadmin. Additionally, USB Canary can be configured to only run when the workstation is locked (if you’re not completely paranoid).
[errbufferoverfl’s] USB Canary was born out of dissatisfaction with current workstation monitoring tools. You see, most tools only notify users after someone has logged on. [errbufferoverfl] points out that there are means to automate attacks without logging in, and we can think of many unsavory things that can be done when logged out.
While USB Canary won’t protect you from -220V , it might at least warn of a BadUSB attack. But, for the really paranoid, why not try GoodUSB?
[via bleepingcomputer]