In principle you could do even more clever things, such as powering up ports on the hub based on external conditions, or timing, or counters. The sky's the limit.
Imagine a storage device that only enumerated when it was upside down, or in darkness, or at 2:30AM-2:35AM on Thursdays, or at just above freezing?
I wonder how large the market for something like this is?
Ok, you got me thinking and now I have to assume that someone must have already thought this up, because it would be so immensely useful! Imagine a USB key that behaves like a normal USB key, but if you invert it exactly 3 times in < 10s, then it activates a secondary storage partition. Put mundane family photos or music or such on the first portion, secret documents on the secondary. Sure, someone could disassemble the device to discover the hidden documents, but the point is that most people, after inserting the device and finding the photos and music, would just discard it as uninteresting...
Stick an accelerometer on there, and detect spikes corresponding to someone tapping the device. Then implement some sort of rhythm-based security as desired :)
Turning it around would be pretty hard if it's plugged into a PC, and it can't really do the sensing unplugged unless it's got some sort of internal power, but tap-detection should be fairly robust.
You'd probably want to have it remain in whatever secret-mode until unplugged, to stop spurious jolts from accidentally un/re-mounting it (unless you're really paranoid)
Hopefully they don't struggle plugging it in and accidentally rotate 3 times in that time frame, but your point is still valid. Also encrypt with truecrypt and this gets very interesting.
Especially if when mounted this way it kept much of the regular data and the true-crypt partition (appearing as random noise) was 1-in-4 interleaved throughout making it look like a uninteresting read error on a bank of chips.
But then you need a battery or something. How about switching to the secondary memory if you plug it in, pull it out and plug it in again? Then you might be able to get away with a small capacitor that would get charged on the first connection, and could activate secondary paths afterwards.
I really like this idea, as well as the others in this thread. One minor problem with them is that you would always see the usb hub, which is pretty weird for a mouse. It makes it go from completely invisible, to suspicious - granted that someone is looking very carefully.
Of course, most monitors and keyboards these days are USB hubs, so sticking the secret drive in there wouldn't raise suspicion. Come to think of it, a keyboard is a great place to put it; you could enter a passphrase on the keyboard to unlock the hidden drive.
Darkness is good... If someone was ransacking your apartment/work they'd need light. In places you wouldn't, like the server closets.
A timeout would be good - like the backup drive won't appear until the lights have been off for six hours. Name the server 'mouse' or something appropriately timid.
By strange coincidence, this (http://i.imgur.com/N9yRX.jpg) just turned up on reddit.[1] Someone hacked some flash memory and a USB hub inside a game controller, to carry the games and emulators.
Very nice! It doesn't feel to me that it's really hidden though, since plugging it in will give everything away.
How about a hidden switch on the mouse without which the USB stick isn't connected to the hub? Or how about a mercury switch that will only connect the USB stick when the mouse is upside-down? Not quite as good but less likely to be detected.
There's a guy building a USB thumb-drive type device called the ISOStick (http://blog.elegantinvention.com/?cat=5) which appears to be both a normal storage drive, but also emulates an optical drive containing a virtual disk specified by iso/file images on the usb-storage device.
http://blog.elegantinvention.com/?p=117 has a few more details, but the plan is to have a whole bunch of isos stored on there, and a bootloader/config setup to allow you to choose which appears mounted as the virtual CD.
It works fine, though I've found the menu selection UI a bit dodgy, it requires NTFS (a FAT32 firmware is available but that can't do DVD-size ISOs), and there seems to be an unknown limit to the number of ISOs at which point it breaks and needs eSATA to recover (disk mode USB doesn't work either). But it's the only similar thing i know of that's available now, and it gets the job done.
Isn't it quite easy to block USB storage devices at the OS level? I mean hiding the stick is clever, but it shouldn't really matter. If you only allow HID devices, the mouse still works without getting access to the data on the stick.
Yes, but that isn't necessarily a good enough safeguard. See bigiain's comment about the USB Rubber Ducky... It would take more than a simple USB stick, but a device like that could disguise itself as a keyboard or mouse. Even if you blocked new disk volumes or something, a device emulating a keyboard could send keyboard signals to, say, open a terminal and copy files to/from a remote location.
You could use a keyboard as a data-storage device. Simply cat stdin into a file. That file would be a two-way communication program using the Caps Lock and other status lights for the reverse link. At that point it's as good as a drive, but slower.
If you just want to hide the storage function, why waste the time tinkering with the mouse? I think I've seen an USB stick disguised as an USB extension cable somewhere.
I'm reminded of the battery hacking issue with the macbooks, even though it wasn't USB. I fear that there are a lot more security concerns with this than anything else. Devices are getting more compact, more all-in-one (the iPad doesn't need a mouse), so I'm not sure how long there will even be much practical use for this...except to hide your porn in your mouse I guess...
just plug in your ipod with the excuse of power charging it. no one is going to complain, the ipod is considered just a player by common people, e.g. your managers. the truth is that you are plugging in 8Gb or more of free disk space.
and while you steal data, you can also listen to your favourite music!
p.s. this comment text box is unusable with an ipad!
The best way, if you really want to hide data, is steganography. Embed the information into innocent looking pictures and video. The trick, of course, would be to either download decoding software or upload somewhere when you want access the hidden data.
Not really trivial to detect steganography. There is whole body of work that focus on statistically undetectable data hiding [1]. Much of it is in confines of research labs, but it is still feasible.
Imagine a storage device that only enumerated when it was upside down, or in darkness, or at 2:30AM-2:35AM on Thursdays, or at just above freezing?
I wonder how large the market for something like this is?