Google releases tool to fight USB keystroke injection attacks

USB Keystroke Injection Protection

One of the sneakiest and potentially most malicious ways to hack a computer is a USB keystroke injection attack. Using a compromised USB device connected to a computer, a hacker can run commands without you even noticing. Google’s making it easier for Linux users to fight back against these kinds of attacks by releasing an open source detection tool.

Called USB Keystroke Injection Protection, the tool detects “if the keystrokes have been made without human involvement”. It does that by measuring “the timing of keystrokes coming from connected USB devices.” Sebastian Neuner of Google’s Information Security Engineering Team said that while the USB Keystroke Injection Protection tool isn’t the last word in defense against these kinds of attacks, but offers “another layer of protection and to defend a user sitting in front of their unlocked machine by them seeing the attack happening.”

You can find the Python source code for the tool on GitHub.