oss-sec mailing list archives
Re: BadUSB discussion
From: Greg KH <greg () kroah com>
Date: Fri, 8 Aug 2014 09:49:18 -0700
On Fri, Aug 08, 2014 at 09:23:21AM -0700, Dean Pierce wrote:
> Being able to "infect" a USB device (allowing unsigned firmware to be flashed on) is bad.
"bad"? Why is that? Loads of devices work this way, a whole class of USB controller chips work exactly in this manner, they require the firmware to be downloaded to the device from the host operating system before they work at all. They are really common and cheap and used all over the place and have been on the market since the early 1990's.
> Being able to "infect" a host controller is bad.
And is something that I have never seen anyone say is possible, have you? If so, details would be great to have.
> Using a USB device to get DMA, memory dumps, files, etc via loaded drivers is bad, whether they are using legitimate code paths or kernel bugs.
How can a USB device get any of those things without the host operating system giving them to the device?
> I'm not so worried about the keyboard thing. That's only interesting because it's the automation of exploiting a machine that has already been compromised. Personally I would prefer disabling USB hotplug while a machine is locked (or while there are no active TTYs or something for servers). Even if HID was whitelisted while the machine is locked, it would be a great start.
Then do just that, Linux has allowed you to do this for years, again, but very few people take advantage of it.
> In regards to the PCI stuff, don't miss Joe's talk at DEFCON on Sunday. https://www.defcon.org/html/defcon-22/dc-22-speakers.html#FitzPatrick People have much more exposed PCI on their laptops and servers than they realize. It's super cheap, super easy, and when we start selling kits this afternoon, it's going to be super accessible.
express card and thunderbolt are pcie, it's fun to play with, glad to see some "kits" to make it more accessible.
> VTd/IOMMU would be nice to have if implemented properly, but it seems like even OSX, the only OS currently using VTd as a security feature, still hasn't gotten it quite right.
What exactly do you mean by "get it right"?
> Also firewire attacks are still a thing. What's up with that?
The hardware is designed to do this, the host operating system can't do much about bad hardware, sorry.
> ExpressCard and Thunderbolt adapters are super cheap, and Inception is still being actively maintained with new targets being added regularly.
It makes it easy to back up laptops :)
thanks,
greg k-h
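One Linux mechanism that fits the lock-time policy discussed in this message is the kernel's USB authorization interface in sysfs (`authorized_default` per host controller, `authorized` per device). The script below is an added example, not part of the original message or written by its author; the function names, the `USB_SYSFS` override and the allowlist file format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hold newly plugged USB devices unauthorized while locked.
# Relies on the kernel's sysfs files authorized_default and authorized.
# USB_SYSFS is overridable (assumption) so the logic can run on a test tree.
USB_SYSFS="${USB_SYSFS:-/sys/bus/usb/devices}"

# Write $1 (0 or 1) to authorized_default on every host controller (usbN).
usb_set_default() {
    for hc in "$USB_SYSFS"/usb[0-9]*; do
        [ -f "$hc/authorized_default" ] && echo "$1" > "$hc/authorized_default"
    done
    return 0
}

# Print "name vendor:product" for each device currently held unauthorized.
usb_pending() {
    for dev in "$USB_SYSFS"/*; do
        [ -f "$dev/authorized" ] && [ -f "$dev/idVendor" ] || continue
        [ "$(cat "$dev/authorized")" = "0" ] || continue
        echo "${dev##*/} $(cat "$dev/idVendor"):$(cat "$dev/idProduct")"
    done
}

# Authorize pending devices whose vendor:product is listed in file $1
# (one ID per line, hypothetical format). IDs are self-reported by the
# device, so this is a convenience filter, not proof of identity.
usb_authorize_listed() {
    usb_pending | while read -r name id; do
        if grep -qxF "$id" "$1"; then
            echo 1 > "$USB_SYSFS/$name/authorized"
            echo "authorized $name ($id)"
        fi
    done
}

usb_lock()   { usb_set_default 0; }   # call from the screen-lock hook
usb_unlock() { usb_set_default 1; }   # call on unlock, then review usb_pending
```

Devices that were already authorized before `usb_lock` stay usable; only devices enumerated afterwards are held back until `authorized` is set to 1.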