
Hiding your data in plain sight: USB hardware hiding - chaosmachine
http://www.thice.nl/hide-your-data-in-plain-sight-usb-hardware-hiding/
======
kabdib
In principle you could do even more clever things, such as powering up ports
on the hub based on external conditions, or timing, or counters. The sky's the
limit.

Imagine a storage device that only enumerated when it was upside down, or in
darkness, or at 2:30AM-2:35AM on Thursdays, or at just above freezing?

I wonder how large the market for something like this is?

~~~
jballanc
Ok, you got me thinking and now I have to assume that someone must have
already thought this up, because it would be so immensely useful! Imagine a
USB key that behaves like a normal USB key, but if you invert it exactly 3
times in < 10s, then it activates a secondary storage partition. Put mundane
family photos or music or such on the first portion, secret documents on the
secondary. Sure, someone could disassemble the device to discover the hidden
documents, but the point is that most people, after inserting the device and
finding the photos and music, would just discard it as uninteresting...

~~~
shabble
Stick an accelerometer on there, and detect spikes corresponding to someone
tapping the device. Then implement some sort of rhythm-based security as
desired :)

Turning it around would be pretty hard if it's plugged into a PC, and it can't
really do the sensing unplugged unless it's got some sort of internal power,
but tap-detection should be fairly robust.

You'd probably want to have it remain in whatever secret-mode until unplugged,
to stop spurious jolts from accidentally un/re-mounting it (unless you're
_really_ paranoid)

~~~
RodgerTheGreat
The inherent problem with rythm-based security is that everybody already
_knows_ shave-and-a-haircut. :)

~~~
jrockway
A good passrhythm needs more than two bits of entropy.

------
shabble
By strange coincidence, this (<http://i.imgur.com/N9yRX.jpg>) just turned up
on reddit.[1] Someone hacked some flash memory and a USB hub inside a game
controller, to carry the games and emulators.

[1]
[http://www.reddit.com/r/gaming/comments/l58zi/the_games_are_...](http://www.reddit.com/r/gaming/comments/l58zi/the_games_are_in_the_controller_diy_thumb_drive/)

~~~
Ives
Not a coincidence, the TS of that topic states

[–]drwicked[S] 219 punten 18 uur geleden* Inspired by this Hiding your data in
plain sight – USB hardware hiding [cut]

------
rlpb
Very nice! It doesn't feel to me that it's really hidden though, since
plugging it in will give everything away.

How about a hidden switch on the mouse without which the USB stick isn't
connected to the hub? Or how about a mercury switch that will only connect the
USB stick when the mouse is upside-down? Not quite as good but less likely to
be detected.

------
shabble
There's a guy building a USB thumb-drive type device called the ISOStick
(<http://blog.elegantinvention.com/?cat=5>) which appears to be both a normal
storage drive, but also emulates an optical drive containing a virtual disk
specified by iso/file images on the usb-storage device.

<http://blog.elegantinvention.com/?p=117> has a few more details, but the plan
is to have a whole bunch of isos stored on there, and a bootloader/config
setup to allow you to choose which appears mounted as the virtual CD.

~~~
rlpb
I use one of these, which is eseentially a hard drive version of what you
describe:
[http://www.reghardware.com/2011/09/05/geek_treat_of_the_week...](http://www.reghardware.com/2011/09/05/geek_treat_of_the_week_zalman_zm_ve200_external_hdd_case/)

It works fine, though I've found the menu selection UI a bit dodgy, it
requires NTFS (a FAT32 firmware is available but that can't do DVD-size ISOs),
and there seems to be an unknown limit to the number of ISOs at which point it
breaks and needs eSATA to recover (disk mode USB doesn't work either). But
it's the only similar thing i know of that's available now, and it gets the
job done.

------
bigiain
<http://hakshop.com/products/usb-rubber-ducky>

That'll probably fit into a suitably modified _cable_...

------
BlueZeniX
Isn't it quite easy to block USB storage devices at the OS level? I mean
hiding the stick is clever, but it shouldn't really matter. If you only allow
HID devices, the mouse still works without getting access to the data on the
stick.

~~~
dandelany
Yes, but that isn't necessarily a good enough safeguard. See bigiain's comment
about the USB Rubber Ducky... It would take more than a simple USB stick, but
a device like that could disguise itself as a keyboard or mouse. Even if you
blocked new disk volumes or something, a device emulating a keyboard could
send keyboard signals to, say, open a terminal and copy files to/from a remote
location.

~~~
justincormack
A keyboard device that sends keystrokes to download malware is mentioned here
[https://media.blackhat.com/bh-
dc-11/Larimer/BlackHat_DC_2011...](https://media.blackhat.com/bh-
dc-11/Larimer/BlackHat_DC_2011_Larimer_Vulnerabiliters_w-removeable_storage-
wp.pdf)

Its a good overview of usb malicious devices from the software side.

------
lamnk
If you just want to hide the storage function, why waste the time tinkering
with the mouse? I think I've seen an USB stick disguised as an USB extension
cable somewhere.

~~~
pavel_lishin
Carrying around and insisting on using your own mouse is more plausible than
doing the same with an extension cable.

~~~
uxp
Though probably not the same extension cable he was talking about, it reminded
me of this article from back in 2008:
<http://www.evilmadscientist.com/article.php/usbkey>

Which spawned a commercial item that ThinkGeek sold for a time, and Bruce
Schneier talked about in this post:
[http://www.schneier.com/blog/archives/2008/12/disguised_usb_...](http://www.schneier.com/blog/archives/2008/12/disguised_usb_d.html)

------
SurfScore
I'm reminded of the battery hacking issue with the macbooks, even though it
wasn't USB. I fear that there are a lot more security concerns with this than
anything else. Devices are getting more compact, more all-in-one (the iPad
doesn't need a mouse), so I'm not sure how long there will even be much
practical use for this...except to hide your porn in your mouse I guess...

------
dewiz
just plug in your ipod with the excuse of power charging it. no one is going
to complain, the ipod is considered just a player by common people, e.g. your
managers. the truth is that you are plugging in 8Gb or more of free disk
space.

and while you steal data, you can also listen to your favourite music!

p.s. this comment text box is unusable with an ipad!

------
ksolanki
The best way, if you _really_ want to hide data, is steganography. Embed the
information into innocent looking pictures and video. The trick, of course,
would be to either download decoding software or upload somewhere when you
want access the hidden data.

~~~
Mvandenbergh
Steganography is only useful when no-one knows to look for it, if they do it
is trivial to detect.

~~~
ksolanki
Not really trivial to detect steganography. There is whole body of work that
focus on statistically undetectable data hiding [1]. Much of it is in confines
of research labs, but it is still feasible.

[1]
[http://scholar.google.com/scholar?hl=en&q=secure+stegano...](http://scholar.google.com/scholar?hl=en&q=secure+steganography&btnG=Search&as_sdt=0%2C5&as_ylo=&as_vis=0)

