[PATCH v2 0/1] HID: add malicious HID device detection driver

From: Zubeyr Almaho

Date: Sat Apr 04 2026 - 09:38:09 EST


Hi Jiri, Benjamin,

This series introduces hid-omg-detect, a passive HID monitor that scores
potentially malicious keyboard-like USB devices (BadUSB / O.MG style)
using:

- keystroke timing entropy,
- plug-and-type latency,
- USB descriptor fingerprinting.

When the configurable threshold is crossed, the module emits a warning
with a userspace mitigation hint (usbguard).

The driver does not block, delay, or modify HID input events.

Changes since v1:
- Replaced global list + mutex with per-device drvdata.
- Removed logging inside spinlock-held regions.
- Moved VID/PID lookup to probe() to avoid hot-path overhead.
- Switched logging to hid_{info,warn,err} helpers.
- Capped timing sample counter at MAX_TIMING_SAMPLES.
- Renamed file to hid-omg-detect.c for kernel naming conventions.

Thanks,
Zubeyr Almaho

---
drivers/hid/hid-omg-detect.c | 435 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 435 insertions(+)
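
The cover letter names keystroke timing entropy and plug-and-type latency as scoring inputs. The following is an added illustration of those two heuristics, not code from hid-omg-detect.c: every name, bin size and cutoff below is an assumption, the samples are constructed, and descriptor fingerprinting is left out.

```c
#include <stddef.h>
#include <stdint.h>

#define NBINS        8u    /* assumed histogram size */
#define BIN_MS       16u   /* assumed bucket width, milliseconds */
#define MIN_SAMPLES  16u   /* assumed minimum gaps before entropy is judged */
#define LOW_H_Q8     256u  /* assumed cutoff: under 1.0 bit looks scripted */
#define FAST_PLUG_MS 500u  /* assumed cutoff: first key this soon after plug-in */

/* Constructed samples: a fixed-delay injector and a human-like typist. */
static const uint32_t bot_gaps[16] = { 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10 };
static const uint32_t human_gaps[16] = { 5, 20, 40, 55, 70, 90, 100, 130, 8, 25, 35, 60, 75, 85, 110, 300 };

/* log2(x) in Q8 fixed point (0 for x <= 1); integer-only, as kernel code requires. */
static uint32_t log2_q8(uint32_t x)
{
    uint32_t n = 0, frac = 0;
    uint64_t y;

    while ((x >> n) > 1)
        n++;                               /* integer part of log2 */
    y = ((uint64_t)x << 16) >> n;          /* mantissa in [1,2), Q16 */
    for (int i = 0; i < 8; i++) {          /* one fractional bit per squaring */
        y = (y * y) >> 16;
        frac <<= 1;
        if (y >= (2u << 16)) { frac |= 1; y >>= 1; }
    }
    return (n << 8) | frac;
}

/* Shannon entropy in bits (Q8) of the gap histogram: H = log2(N) - sum(c*log2(c))/N */
static uint32_t timing_entropy_q8(const uint32_t *gap_ms, size_t n)
{
    uint32_t bins[NBINS] = { 0 }, hmax, avg;
    uint64_t sum = 0;

    if (n == 0) return 0;
    for (size_t i = 0; i < n; i++)         /* long pauses clamp to the last bin */
        bins[gap_ms[i] / BIN_MS < NBINS ? gap_ms[i] / BIN_MS : NBINS - 1]++;
    for (unsigned b = 0; b < NBINS; b++)   /* empty bins contribute 0 */
        sum += (uint64_t)bins[b] * log2_q8(bins[b]);
    hmax = log2_q8((uint32_t)n);
    avg = (uint32_t)(sum / n);
    return hmax > avg ? hmax - avg : 0;    /* guard against rounding underflow */
}

/* Passive score: one point per heuristic that fires; nothing is blocked. */
static int hid_suspicion_score(const uint32_t *gap_ms, size_t n, uint32_t first_key_ms)
{
    int low_entropy = n >= MIN_SAMPLES && timing_entropy_q8(gap_ms, n) < LOW_H_Q8;
    return low_entropy + (first_key_ms < FAST_PLUG_MS);
}
```

With the constructed samples, the fixed-delay gaps score 2 when the first key arrives 120 ms after plug-in, and the human-like gaps score 0 at 4000 ms.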