oss-sec mailing list archives
Re: BadUSB discussion
From: gremlin () gremlin ru
Date: Fri, 8 Aug 2014 20:09:53 +0400
On 08-Aug-2014 08:18:21 -0700, Greg KH wrote:
>> That means, every device after being detected by the system must be explicitly activated by some human activity. Yes, users may and, most likely, will be fooled to do that (as they are fooled to connect the attacker's device), but this activation will at least make the use of untrusted devices more difficult.
> How can I activate a USB keyboard (the only input device attached to the system), with the USB keyboard that I plugged into it?

I've mentioned this issue in the message you've replied to. Possible solution could be whitelisting physical ports, but...

> Again, fix the real problem here, if there is one, don't try to throw "is this device ok to use" dialogs up, they just annoy people and don't do anything.

"Yes, yes, yes..." without reading the message. I know that.

> Oh, and if you want, you can disable all USB devices on your Linux system by default, and only "authorize" them explicitly if you programmatically think they should be enabled. We have had support in the kernel for that for years now, but very few people actually use it.

I've faced that only once, and my solution was straightforward: those two servers were running a kernel built with only basic USB HID support (keyboard+mouse, IIRC) and without module load support. That appeared to be quite enough.

> So the tools to do this are already there, why aren't you using them? :)

You could guess: sometimes I'm developing USB devices and have to test them. That formed a good habit of connecting my devices to a hub instead of directly to BB :-)

-- 
Alexey V. Vissarionov aka Gremlin from Kremlin
<gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
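
The kernel authorization support and the physical-port whitelisting idea discussed in the message above can be combined; the sketch below is an added example, not code from either poster or from the kernel tree. It uses the kernel's `authorized_default` and `authorized` sysfs attributes; the function names and the `SYSFS_USB` override are hypothetical, and the port names are constructed.

```shell
#!/bin/sh
# Added example: port-based USB authorization via the kernel's sysfs interface.
# SYSFS_USB can be overridden so the logic can be tried on a constructed tree.
SYSFS_USB="${SYSFS_USB:-/sys/bus/usb/devices}"

# Stop the kernel from auto-authorizing new devices on every host controller.
usb_lock_default() {
    for hc in "$SYSFS_USB"/usb*; do
        [ -w "$hc/authorized_default" ] && echo 0 > "$hc/authorized_default"
    done
    return 0
}

# usb_port_allowed PORT "ALLOWLIST": succeeds if PORT is in the
# space-separated allowlist of physical port paths (e.g. "1-1 1-2.3").
usb_port_allowed() {
    for p in $2; do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# Authorize devices on allow-listed physical ports and deauthorize the rest.
# The decision is keyed on topology (bus-port[.port]), not on the VID:PID
# a device reports about itself. Prints one "<port> <decision>" line per device.
usb_apply_port_policy() {
    allow="$1"
    for dev in "$SYSFS_USB"/[0-9]*-[0-9]*; do
        port="${dev##*/}"
        case "$port" in *:*) continue ;; esac    # skip interface nodes (1-1:1.0)
        [ -f "$dev/authorized" ] || continue
        if usb_port_allowed "$port" "$allow"; then
            echo 1 > "$dev/authorized"; echo "$port authorized"
        else
            echo 0 > "$dev/authorized"; echo "$port blocked"
        fi
    done
}

# Typical use, as root (constructed port names):
#   usb_lock_default && usb_apply_port_policy "1-1 1-2"
```

The port of the console keyboard has to be on the allowlist before the policy is applied, which is the lock-out problem raised in the thread. A hub must itself be allowed before any device behind it enumerates.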