0
votes

Is it possible to detect if some serial port is being sniffed by another process running on Windows?

We have an application that receives some sensitive data that cannot be read by other people. So, before opening the serial port, we need to check if the port is being monitored.

We can use the CreateFile Windows API function to open the serial port with exclusive access rights, but if the monitor runs before our call, it can read all the communication (it opens the serial port with shared access rights, so we can open the port at the same time). To avoid this, the attempt is to check if the port is being monitored and raise an exception, warning the user. Is it possible to do this?

2
I don't think that applications can open serial ports for shared access, and even if they can, I think that your asking for exclusive access would preclude your being given one that's already open. If I wanted to write software to spy on your serial port usage, I'd write a serial port filter driver. - ChrisW

2 Answers

5
votes

Port sniffing requires a filter driver, like SysInternals' PortMon utility. You are taking the wrong kind of approach to secure your application. When somebody can install a filter driver, the attacker has more than enough privileges to completely disable your app and replace it with something else of his own making. Trying to detect and prevent information loss through your app is pointless; the system itself has to be secured. A serial port is probably the first thing you'll have to lose; it is trivial to tap its wires.

1
votes

Rather than lose the serial port, why not encrypt your data? This assumes that both the DTE and DCE are programmable.
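One way to frame encrypted data on the link, as an added example that is not part of the original answer: each payload is sealed with AES-GCM under a sequence number, so a filter driver or wire tap sees only ciphertext and a replayed or modified frame is rejected. The `Link` type and its functions are hypothetical names, and the sketch assumes a key already provisioned on both devices, a separate key per direction, and a fresh key whenever the counter restarts.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Link is one direction of the link. Frame: 8-byte sequence number || ciphertext and tag.
type Link struct {
	aead cipher.AEAD
	seq  uint64 // sender: next number to use; receiver: lowest number still accepted
}

// NewLink takes a 16- or 32-byte key assumed to be provisioned on both devices.
func NewLink(key []byte) (*Link, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Link{aead: aead}, err
}

func nonce(hdr []byte) []byte { return append(make([]byte, 4, 12), hdr...) } // must never repeat under one key

// Seal encrypts one payload and authenticates the cleartext sequence header.
func (l *Link) Seal(payload []byte) []byte {
	hdr := binary.BigEndian.AppendUint64(nil, l.seq)
	l.seq++
	return l.aead.Seal(hdr, nonce(hdr), payload, hdr)
}

// Open decrypts a frame and rejects truncated, replayed or modified ones.
func (l *Link) Open(frame []byte) ([]byte, error) {
	if len(frame) < 8+l.aead.Overhead() || binary.BigEndian.Uint64(frame) < l.seq {
		return nil, fmt.Errorf("frame truncated or replayed")
	}
	pt, err := l.aead.Open(nil, nonce(frame[:8]), frame[8:], frame[:8])
	if err == nil {
		l.seq = binary.BigEndian.Uint64(frame) + 1
	}
	return pt, err
}

func main() {
	tx, _ := NewLink(make([]byte, 32))                // constructed all-zero demo key
	fmt.Printf("%x\n", tx.Seal([]byte("reading=42"))) // what a tap on the line would see
}
```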