oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BadUSB discussion

From: Greg KH <greg () kroah com>
Date: Fri, 8 Aug 2014 08:18:21 -0700
On Fri, Aug 08, 2014 at 07:00:00PM +0400, gremlin () gremlin ru wrote:

That means, every device after being detected by the system must
be explicitly activated by some human activity. Yes, users may
and, most likely, will be fooled to do that (as they are fooled
to connect the attacker's device), but this activation will at
least make the use of untrusted devices more difficult.


How can I activate a USB keyboard (the only input device attached to the
system), with the USB keyboard that I plugged into it?

Fun times...

Again, fix the real problem here, if there is one, don't try to throw
"is this device ok to use" dialogs up, they just annoy people and don't
do anything.

Oh, and if you want, you can disable all USB devices on your Linux
system by default, and only "authorize" them explicitly if you
programatically think they should be enabled.  We have had support in
the kernel for that for years now, but very few people actually use it.

So the tools to do this are already there, why aren't you using them? :)

greg k-h
Previous By Date Next
Previous By Thread Next

Current thread: