oss-sec mailing list archives

Re: BadUSB discussion

From: Greg KH <greg () kroah com>
Date: Fri, 8 Aug 2014 12:46:02 -0700

On Fri, Aug 08, 2014 at 06:40:50PM +0100, Eddie Chapman wrote:

Yes, immensely. It's clear to me now that being able to re-programme a USB
device firmware is not quite as easy and straightforward as is being made
out to be in certain quarters.


On the contrary, it's trivial to do on a whole bunch of USB devices as
that is how they were _designed_ to work.  So much so that there is a
whole USB spec on exactly how to do this in a way that will work across
all different operating systems:
        http://www.usb.org/developers/docs/devclass_docs/DFU_1.1.pdf
I don't remember when the 1.0 version of this spec was published, I
think around 1995 or so.

So I really don't see how this ability is anything "shocking" to anyone.

That's not to say that the research being discussed hasn't thrown up
some very interesting issues around hardware and trust.


Never trust hardware.  Until you have to.  :)

greg k-h

Current thread:

Re: BadUSB discussion, (continued)
- Re: BadUSB discussion Florian Weimer (Aug 08)
  - Re: BadUSB discussion Daniel Kahn Gillmor (Aug 08)
    - Re: BadUSB discussion Greg KH (Aug 08)
    - Re: BadUSB discussion Daniel Kahn Gillmor (Aug 08)
    - Re: BadUSB discussion Greg KH (Aug 08)
    - Re: BadUSB discussion Eddie Chapman (Aug 08)
    - Re: BadUSB discussion Greg KH (Aug 08)
    - Re: BadUSB discussion Eddie Chapman (Aug 08)
    - Re: BadUSB discussion Greg KH (Aug 08)
    - Re: BadUSB discussion Eddie Chapman (Aug 08)
    - Re: BadUSB discussion Greg KH (Aug 08)
    - Re: BadUSB discussion Eddie Chapman (Aug 08)
    - Re: BadUSB discussion lazytyped (Aug 09)
    - Re: BadUSB discussion Dean Pierce (Aug 08)
    - Re: BadUSB discussion Greg KH (Aug 08)
    - Re: BadUSB discussion (GalaxyMaster) (Aug 08)
    - Re: BadUSB discussion Yves-Alexis Perez (Aug 08)
    - Re: BadUSB discussion Yves-Alexis Perez (Aug 08)
    - Re: BadUSB discussion Greg KH (Aug 08)
    - Re: BadUSB discussion Yves-Alexis Perez (Aug 08)
    - Re: BadUSB discussion Greg KH (Aug 08)

(Thread continues...)