The following diagram describes the reason for this project:
You purchased an off-brand USB drive, or you found a stray USB drive. Dare you connect it to a laptop, desktop or smart device, and risk the spread of malware?
The Concept
The following diagram describes the concept behind this project:
To protect a sophisticated device like a laptop, desktop, smartphone or tablet, an intermediate device is used to connect a USB drive. The intermediate device is running an OS that has a significantly smaller attack surface than a mainstream OS. The end user device, e.g. a laptop, connects to a private WiFi access point, which was created by the intermediate device. Once connected, the laptop can browse, upload and download files on the USB drive. The intermediate device cannot automatically run scripts or applications, which should slow down or prevent the spread of malware.
Prototypes
I originally prototyped this idea using a Raspberry Pi Zero W2 in gadget mode, which worked, but I realized the RPi could be compromised as the OS on the RPi is sophisticated, capable, and could be attacked.
I started looking at ESP32 microcontrollers with USB shields. The ability to compromise a microcontroller, from a USB drive, is pretty low. I tried a couple of microcontroller and USB shield combinations, which did not work out. And then I found the ESP32-P4 family of microcontrollers.
The Hardware
The ESP32-P4 is a high-end microcontroller with Ethernet, WiFi and USB ports. Here’s a picture of the ESP32-P4 Nano:
Here’s a closer picture of the ports:
The ESP32-P4 Nano has a USB-C port that provides power to the board as well as being used to flash the device (UART) and provide debug output. The board also has a 100MBit Ethernet port and a USB-A port. The following picture shows the size of the ESP32-P4 Nano, relative to a USB drive:
There is another board in the ESP32-P4 family, which is called the Module Dev Kit:
The ESP32-P4 Module has similar specifications to the ESP32-P4 Nano, but has an extra USB-C port and 3 additional USB-A ports. The following picture gives you some idea of the size difference between the two ESP32-P4 boards:
I typically use Arduino IDE to write software for microcontrollers and the ESP32-P4 board can be programmed using that environment. However, the ESP32-P4 Arduino IDE environment was missing libraries to handle the USB lifecycle (insert and remove), and mounting of the FAT file system. I was able to find a number of examples from Espressif that used VSCode and the ESP-IDF. I have a lot of experience with Visual Studio, but not VSCode, so this was a good way for me to learn how to use both ESP-IDF and VSCode.
The Project in Action
The ESP32-P4 Nano is configured as a WiFi access point with an HTTP server. The application running on the ESP32-P4 Nano presents a minimalist web interface that provides the functionality required, and minimizes memory overhead on the ESP32-P4 Nano. The UI/UX could be improved with a minor increase in memory usage.
The following sections give a feel for the web UI/UX.
The Main Page
The following screenshot shows the project’s main web page served by the ESP32-P4 Nano:
Clicking the USB Drive Information button results in the following page:
This page outputs information about the USB drive like the capacity, and product model and manufacturer. The user can return to the main page by clicking on the link at the bottom of the page.
Browsing and Loading Files
Clicking on the Browse or load a file from USB Drive button displays this initial page:
The end user can specify a starting directory, whether to include subdirectories (recursive) and the maximum subdirectory depth.
Selecting the defaults produces the following page:
This page gives a list of files on the USB drive that can be reviewed and selected for download. The end user can also choose to return to the main page or perform another search.
Selecting the usbtest.pdf file causes a file called usbtest.pdf.usb to be downloaded. This is a little inconvenient, as the end user has to rename the PDF file, but this prevents some browsers from automatically opening the file. Opening the PDF file must be avoided as it could contain a malicious payload.
There is an HTTP header called Content-Disposition that can be set to indicate a file should not be opened, but this seems to be ignored, and PDF files are opened based on the file extension.
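The download naming described above can be sketched as follows. This is an added example, not code from the original project: it combines the .usb rename with the headers that ask a browser to save rather than render a file, and it sanitizes the file name because it comes from the untrusted drive. The function names and buffer sizes are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Build the Content-Disposition value for a file on the USB drive.
 * The name is reduced to its base name, and any byte that could end the
 * quoted string or the header line (quote, backslash, CR, LF, other
 * control or non-ASCII bytes) becomes '_'. ".usb" is appended so the
 * browser does not act on the original extension.
 * Returns 0 on success, -1 if the name is empty or does not fit. */
static int build_disposition(const char *usb_path, char *out, size_t out_len)
{
    static const char prefix[] = "attachment; filename=\"";
    static const char suffix[] = ".usb\"";
    const char *base = strrchr(usb_path, '/');
    base = base ? base + 1 : usb_path;
    size_t n = strlen(base);
    if (n == 0 || sizeof prefix - 1 + n + sizeof suffix > out_len) return -1;

    char *p = out;
    memcpy(p, prefix, sizeof prefix - 1);
    p += sizeof prefix - 1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)base[i];
        *p++ = (c < 0x20 || c > 0x7e || c == '"' || c == '\\') ? '_' : (char)c;
    }
    memcpy(p, suffix, sizeof suffix); /* copies the terminating NUL too */
    return 0;
}

/* Format the three response header lines for a download. */
static int build_download_headers(const char *usb_path, char *out, size_t out_len)
{
    char disp[300];
    if (build_disposition(usb_path, disp, sizeof disp) != 0) return -1;
    int n = snprintf(out, out_len,
                     "Content-Type: application/octet-stream\r\n"
                     "X-Content-Type-Options: nosniff\r\n"
                     "Content-Disposition: %s\r\n", disp);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

int main(void)
{
    char h[512];
    if (build_download_headers("/docs/usbtest.pdf", h, sizeof h) == 0)
        fputs(h, stdout);
    return 0;
}
```

With the ESP-IDF HTTP server, the same values would be passed to httpd_resp_set_type() and httpd_resp_set_hdr() instead of being formatted into one buffer.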
The downloaded usbtest.pdf.usb file matches the source version of the file:
Clicking on the Save a File to USB drive button produces the following page:
The end user can select a file to upload to the USB drive:
After selection, the end user can submit the file to the ESP32-P4 Nano:
The end user will see the following confirmation page before being returned to the main page:
The file was transferred to the USB drive:
Clicking on the Eject USB Drive button produces the following page:
The end user can remove the USB drive at any time, but this option gives the end user the option of advertising their intent which allows the ESP32-P4 Nano to perform additional cleanup.
The URLs
This section describes the URLs supported by the application.
/ or index.html
This is the main web page and provides links to USB Information, File Load, File Save and Eject pages.
info
Accessible from the main (index.html) page, this page provides information about the USB drive, e.g. capacity, model and manufacturer.
load
Accessible from the main (index.html) page and is used to start the file download (USB drive to local computer) process. An initial page is presented that allows the end user to specify a start directory, whether subdirectories are followed (recursive) and the maximum number of subdirectory levels.
This page defaults the start directory to / (the root directory) and non-recursive. If the end user checks the recursive field, the directory level is defaulted to 4, with a maximum of 8 levels. The level controls the amount of memory used, by the ESP32-P4 Nano, when returning a list of files to the end user.
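The level limit described above can be sketched as a depth-bounded directory walk. This is an added example, not the project's code: the function names, the 512-byte path buffer and the sample tree built under /tmp are assumptions, and it uses the POSIX directory calls that a host build provides.

```c
#define _XOPEN_SOURCE 700 /* for mkdtemp() */
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#define DEFAULT_DEPTH 4 /* level used when recursive is checked */
#define MAX_DEPTH 8     /* highest level accepted */

/* Clamp the form input to the limits described for the load page. */
static int clamp_depth(int recursive, int requested) {
    if (!recursive) return 0; /* start directory only */
    if (requested <= 0) return DEFAULT_DEPTH;
    return requested > MAX_DEPTH ? MAX_DEPTH : requested;
}

/* Count files under dir, at most depth levels down; each level holds one path buffer and one open DIR. */
static int list_files(const char *dir, int depth) {
    DIR *d = opendir(dir);
    if (!d) return 0;
    int count = 0;
    struct dirent *e; struct stat st;
    char path[512];
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        int n = snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (n < 0 || (size_t)n >= sizeof path) continue; /* over-long path */
        if (stat(path, &st) != 0) continue;
        if (!S_ISDIR(st.st_mode)) count++; /* one listing entry */
        else if (depth > 0) count += list_files(path, depth - 1);
    }
    closedir(d);
    return count;
}
/* Constructed sample tree in /tmp: one file per level, ten levels deep. */
static int sample_count(int recursive, int requested) {
    char root[] = "/tmp/usbwalkXXXXXX", p[512];
    if (!mkdtemp(root)) return -1;
    strcpy(p, root);
    for (int i = 0; i < 10; i++) {
        size_t len = strlen(p);
        strcpy(p + len, "/f");
        FILE *f = fopen(p, "w");
        if (f) fclose(f);
        strcpy(p + len, "/d");
        mkdir(p, 0700);
    }
    return list_files(root, clamp_depth(recursive, requested));
}
```

A request for 20 levels is treated as 8, so the deepest files in the sample tree are never reached and the walk's stack use stays fixed regardless of what the drive contains.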
select
The select page is dynamically generated by the ESP32-P4 Nano in response to the data entered into the load page. The select page contains a list of files available for download to the local computer. The end user can click on a link to download the file. Once local, the end user can scan the file with antivirus software. Due to the unknown amount of data returned by a directory listing, data is sent in chunks.
download
The download page is called when a user clicks on a file link provided in the select page. This initiates the file download sequence. As files can be any size, data is sent in chunks until the entire file is downloaded.
save
Accessible from the main (index.html) page and is used to start the file upload (local computer to USB drive) process. The save page allows the user to locate a file they would like to upload to the USB drive. As files can be any size, data is sent in chunks until the entire file is uploaded.
filechunk
The filechunk page is called by the save page, using some JavaScript code, to upload a file to the USB drive a chunk at a time.
saved
This is a confirmation page generated by the ESP32-P4 Nano when a file has been successfully uploaded to the USB drive.
eject
Accessible from the main (index.html) page and displays a message telling the end user they can remove the USB drive.
Conclusion
The basic concept works well. A USB drive can be inserted into the ESP32-P4 Nano and files can be uploaded or downloaded. Moving files around on USB drives I trust shows the mechanisms work, but does not prove it would stop malware. I need to think about setting up an isolated environment and infecting a USB drive to see if this concept stops the spread of malware.
The ESP32-P4 Nano does not work with all USB drives, and can only access files on USB drives formatted using the FAT file system, although it looks like it might be possible to extend usage to the exFAT file system.