Junpeng Wan, Purdue University; Yanxiang Bi, The Chinese University of Hong Kong; Han Gao and Dave (Jing) Tian, Purdue University
Universal Serial Bus (USB) hubs enhance connectivity in modern computers by allowing multiple peripheral devices to share a single upstream port. Common peripherals include external storage devices, network interface cards, cameras, and keyboards. However, when several devices operate simultaneously, bus contention within the USB hub becomes unavoidable. Such contention causes timing variations that can be exploited to leak sensitive information.
We identify three types of USB bus contention and design multiple side-channel attacks to infer user activities based on these contentions. These attacks can be launched from a virtual machine, a remote website, or a USB peripheral, as demonstrated in three distinct attack scenarios. By collecting I/O interval data using our probers, we can recover information such as web browsing history, camera-captured activities, and keystrokes with accuracies ranging from 85% to 99%. We evaluated 15 leading USB 3.x external hubs on the market, a USB 2.0 hub, and an internal hub, most of which are vulnerable to HubBub attacks. We have reported our findings to the relevant stakeholders.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Junpeng Wan and Yanxiang Bi and Han Gao and Dave (Jing) Tian},
title = {{HubBub}: {Contention-Based} {Side-Channel} Attacks on {USB} Hubs},
booktitle = {34th USENIX Security Symposium (USENIX Security 25)},
year = {2025},
isbn = {978-1-939133-52-6},
address = {Seattle, WA},
pages = {3921--3940},
url = {https://www.usenix.org/conference/usenixsecurity25/presentation/wan},
publisher = {USENIX Association},
month = aug
}
