InfoSecurity -- A comprehensive magazine on IT Security (a Security magazine)

InfoSecurity Jan 2010

Back to Contents

Secure Programming

Securing USB Ports: A programming course

Through the rapid usage of pen drives, the spread of deadly malicious codes through them are common today. Hence the need for protecting the USB ports has its own advantages. In the secure programming section, we present you with simple programming codes to disable and enable USB ports using ‘C’ language.

In the United States, a flash drive (USB or pen drive) was stolen with names, grades, and social security numbers of 6,500 former students. Flash drives as it is popularly known present a significant security challenge for small and medium organisations alike. Their small size and ease of use allows unsupervised visitors or employees to store and smuggle out confidential data with little chance of detection. Both corporate and public computers are vulnerable to attackers connecting a flash drive to a free USB port and using malicious software such as keyboard loggers or packet sniffers.

For computers set up to be bootable from a USB drive it is possible to use a flash drive containing a bootable portable operating system to access the files of a computer even if the computer is password protected. The password can then be changed; or it may be possible to crack the password with a password cracking program, and gain full control over the computer. Encrypting files provides considerable protection against this type of attack.

USB flash drives may also be used deliberately or unwittingly to transfer malware and autorun worms onto a network.

Some organisations forbid the use of flash drives, and some computers are configured to disable the mounting of USB mass storage devices by users other than administrators. Others use third-party software to control USB usage. The use of software allows the administrator to not only provide a USB lock but also control the use of DVD-RW, SD cards and other memory devices. This enables companies with policies forbidding the use of USB flash drives in the workplace to enforce these policies. In a lower-tech security solution, some organisations disconnect USB ports inside the computer or fill the USB sockets with epoxy.

Securing USB Ports

However, as the flash drives with various virus, worms and other malicious codes continues to exist amongst home users, the need for securing USB ports is more than ever before. In this programming section, we present you with a simple program to secure the USB ports of your computer by enabling and disabling the ports.

As usual, I use the ever green universal 'C' programming language to accomplish this task. Anyone with a basic knowledge of C language should be able to understand the working of this program.

Once this simple program is executed, it will immediately disable all the USB ports on the computer. As a result, you will not be able to use your pen drive or any other USB based devices on the computer on which it is executed. Since I have also given a program to re-enable all the USB ports, you can test this program on your own computer without any worries.

The two source codes of this program to lock and unlock the USB ports are as follows.

The first 'C' program named Lock_usb.c is used to block the access to USB ports

#include<stdio.h>

void main()
{
system("reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR \/v Start \/t REG_DWORD \/d 4 \/f");
}

The second 'C' program named Unlock_usb.c is used to unlock the access to USB ports

#include<stdio.h>

void main()
{
system("reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR \/v Start \/t REG_DWORD \/d 3 \/f");
}

Compiling Source Programs

If you are new to 'C' programming and find it difficult to compile the 'C' source codes then this section is helpful for you. Here is a step-by-step procedure to install Borland C++ compiler 5.5 and compile C programs.

1. You need to create the following path to the compiler programs mentioned in the following location

C:\Borland\BCC55\Bin

2. Now goto command prompt (Start->Run->type cmd->Enter)

3. To compile the above listed two 'C' source programs Lock_usb.c and Unlock_usb.c use the following command

bcc32 Lock_usb.c

bcc32 Unlock_usb.c

4. After this process, if there are no errors in the source code, two executable files named Lock_usb.exe and Unlock_usb.exe are generated by the compiler.

5. Now you have successfully compiled the 'C' source code programs into executable files (.exe files).

Logic of the program

The logic of the program is simple. The 'C' source file Lock_usb.c writes the DWORD value of 4 (100 in binary) in the registry settings at "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start" to 'lock' the USB ports.

Similarly, in the inverse process, the 'C' source file Unlock_usb.c writes the DWORD value of 3 (011 in binary) in the registry settings at "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start" to 'unlock' the USB ports.

Changing the ICON of EXE files

Some times it becomes necessary to change the icon of an executable (.exe) file so that the exe file get’s a new appearence and make it more genujine. Many tools such as Icon changer, TuneUP Winstyler does this job by adjusting the Windows to display a custom icon to the user. This means that in-order to permanantly change the icon, it is necessary to modify the executable file and embed the icon inside the file itself. Now when this is done the exe file’s icon is changed permanantly so that even if you take file to a different computer it show’s a new icon.

Further Improvisations

To make it more effective, programmers can merge the two programs and a option can be given to the users to choose to lock or unlock the USB ports. By this way, users can use a given single program to lock and unlock the ports without using the two executable files.

Further to this, a more advanced program can be created by first reading the status of USB ports and then displaying the status to the user. This can be done by reading the DWORD values of the registry settings at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start.

Then the user can be given the choice of taking the action of locking or unlocking them in the second phase of the program. This process is highly recommended because users can read the status of USB ports in addition to lock and unlock them.

A Word of Caution!

Even though the above listed programs are simple and easy to use, any wrong parameters entered into the Windows registry settings can corrupt the registry resulting in un-predictable outcome of Windows behavior. Programmers and users are advised to enter the correct windows registry path and parameter settings into the Windows registry. Go ahead and try these programs.

—By: R. Manoj. The author is an Assistant Editor at Fanatic Media, Bangalore. He is also an Independent Researcher, specializing in Computer System Security. He has an active interest in designing security algorithms for securing mission critical systems. He can reached at infosecurity@fanaticmedia.co