oss-sec mailing list archives

BadUSB discussion

From: Dan Carpenter <dan.carpenter () oracle com>
Date: Fri, 8 Aug 2014 14:20:21 +0300

I'm surprised we haven't had any discussion about the recent BadUSB
articles.

http://arstechnica.com/security/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/
http://security.stackexchange.com/questions/64524/how-to-prevent-badusb-attacks-on-linux-desktop

We could put a popup if there is a second keyboard attached to check
that the person controlling the existing keyboard is aware of the second
one.

The attack looks like someone who says, "Can you copy some files from
my USB flash drive which?" (not knowing it is infected) and then there
is a popup, "This newly inserted USB device is trying to type commands,
is that ok?  y/N?".

regards,
dan carpenter

Current thread:

BadUSB discussion Dan Carpenter (Aug 08)
- Re: BadUSB discussion Florian Weimer (Aug 08)
  - Re: BadUSB discussion Daniel Kahn Gillmor (Aug 08)
    - Re: BadUSB discussion Greg KH (Aug 08)
    - Re: BadUSB discussion Daniel Kahn Gillmor (Aug 08)
    - Re: BadUSB discussion Greg KH (Aug 08)
    - Re: BadUSB discussion Eddie Chapman (Aug 08)
    - Re: BadUSB discussion Greg KH (Aug 08)
    - Re: BadUSB discussion Eddie Chapman (Aug 08)
    - Re: BadUSB discussion Greg KH (Aug 08)
    - Re: BadUSB discussion Eddie Chapman (Aug 08)

(Thread continues...)