USG Dongle Firewall Device Is Like A Condom For Your USB Ports
Always use protection! It’s a dangerous world out there for computer users. With malware, ransomware, botnets, and other schemes out to deprive you of your data, system resources, and even the cash in your wallet, users have to tread lightly when surfing the internet. However, as we’ve seen on many occasions, you can also find yourself under attack through direct means through the use of a device like a USB thumb drive.
That’s where the new USG dongle comes into play. The device is in essence a condom for USB devices, allowing you to enjoy all the benefits of device insertion without the side effect of DTDs — digitally transmitted diseases. USG acts as a USB firewall, protecting your computers from nefarious attacks like BadUSB.
The dongle has two USB connectors, each tied to its own ARM controller. Those two controllers then communicate with each other using a limited set of instructions, which would ward off BadUSB attacks (among others).
“The USG isolates BadUSB devices from your computer, while still passing through the data you need. The USG's firmware is fully open and auditable, so you can trust it,” states USG developer Robert Fisk. “And when you use a USG, you no longer have to trust the opaque firmware of dubious origin running on every USB device you own.”
At this point, USG v1.0 only supports a rather limited subset of USB devices including mice, keyboards and thumb drives. However, Fisk says that more USB device types will be supported in future USG firmware updates. He also notes that the device is OS-agnostic, so it can be used on Windows, Linux, macOS and embedded systems. Likewise, you won’t be able to use USG with a USB hub, so it’s recommended that you use one USG per USB device.
Fisk also says that while the USG can be susceptible to attack, it is a fruitless endeavor:
The USG's firmware is as vulnerable as any other USB device out there. But the key point is that an infection cannot jump across the USG's internal firewall, so the other side of the USG is safe… Furthermore any infection cannot persist between restarts, because writes to internal flash memory are disabled on startup. So when you reinsert your USG to a different computer or to use a different device, you are starting from a clean state every time.
Fisk is building USG v1.0 by hand in New Zealand, and refuses to outsource production over features of the design being compromised. However, if you’d like to create your own USG v0.9, the instructions can be found here.