Universal Serial Bus (USB) is an industry standard that defines cables, connectors and communication protocols for connection, communication, and power supply between host devices (typically computers or servers) and external peripherals. Over the last few decades, USB has largely replaced a variety of previous interfaces, including serial and parallel ports. Presently, a wide variety of peripherals include USB interfaces for enabling communication with computers. Examples of such peripherals include printers, keyboards, mass storage device, scanners, cameras and mice.
USB interfaces are configured to enable exchange of data in a bi-directional manner. That is, data can be transferred from the host device to the USB device and vice versa. The original USB 1.0 interface enabled data rates up to 1.5 Mbit/s in low speed mode, and 12 Mbit/s in full speed mode. More recent versions, such as USB 3.2, allow data rates of up to 20 Gbit/s. In addition, USB interfaces are configured to provide power to the devices being connected to the host device. In this way, no additional cables are needed for powering.
Most peripherals, including printers, scanners and cameras, include intelligent electronic circuits. Such circuits are often programmed with internally stored firmware designed to control the device's operations. By contrast, some low-cost peripherals are not programmed with firmware, but rather rely on the host device to provide the control program.
In recent years, the number of software attacks aimed at maliciously accessing private information in computer systems has grown dramatically. One popular way for carrying out software attacks is via USB devices. In social engineering attacks, malicious actors use USB keys that contain HTML files to phish the user for their login and password information once the user clicks on the files. On the other hand, human interface device (HID) spoofing use specialized hardware to fool a computer into believing that a malicious USB key is a keyboard. The fake keyboard injects fake keystrokes designed to compromise the victim's computer. HID spoofing is the most commonly used type of attack via USB. Finally, in zero-days attacks, malicious keys use custom hardware that exploits a vulnerability in a USB driver to get direct control of a computer as soon as it is plugged in.