Modern communication devices, such as computers, allow computer memory expansion by providing a universal serial bus (USB) receptacle. USB peripheral devices usually have a plug with physical and electronic specifications, just as communication devices capable of receiving a USB plug have a receptacle with physical and electronic specifications.
USB devices can be of different natures, like a storage device (flash drive), a computer mouse, a computer keyboard, a printer, or a webcam.
Specifically, USB storage devices are small, inexpensive, and highly portable, and are ubiquitous in modern computing devices. Due to its portable nature, a single USB storage device is often being plugged into a number of different hosting communication devices. For example, a consumer can store his or her personal music collection on a USB storage device and then play that music on a computer, a smart phone, or even an automobile stereo system.
The highly portability characteristic of USB storage devices make them a popular target as of computer viruses.
Recently, serious attack dubbed BadUSB has been unveiled. It involves malicious USB devices attacking a victim host in an instance and a malicious host reprogramming a victim USB device in another instance. The combination of both attacks paves the way to a physical propagation of computer malware, one that is able to reach air-gapped systems (systems that are isolated from any outside networks). In this kind of attack, a custom built USB device can act maliciously through keyboard emulation in order to attack a USB host. A normal USB device (USB storage stick for example) can be reprogrammed at the micro-controller level by a malicious host, thus creating a malicious USB device capable of attacking other USB hosts that it gets inserted into. This is done at the controller level (firmware) of the USB device and not at the file system level that can be formatted or scanned by an anti-virus.
Thus, there is a need for improved techniques that enable communication devices to control the nature of USB device connected to the communication devices, in order to protect both the USB devices and the host communication devices simultaneously.