Re: BadUSB discussion

[Rich Felker <dalias () libc org>]

On Fri, Aug 08, 2014 at 01:36:36PM +0100, John Haxby wrote:
> On 08/08/14 12:20, Dan Carpenter wrote:
> > The attack looks like someone who says, "Can you copy some files from
> > my USB flash drive which?" (not knowing it is infected) and then there
> > is a popup, "This newly inserted USB device is trying to type commands,
> > is that ok?  y/N?".
>
> That's all very well, but:
>
> > One of the attacks involves a USB stick that acts as three separate
> > devices -- two thumb drives and a keyboard. When the device is first
> > plugged into a computer and is detected by the OS, it acts as a regular
> > storage device. However, when the computer is restarted and the device
> > detects that it's talking to the BIOS, it switches on the hidden storage
> > device and also emulates the keyboard, Nohl said.
> >
> > Acting as a keyboard, the device sends the necessary button presses
> > to bring up the boot menu and boots a minimal Linux system from the
> > hidden thumb drive. The Linux system then infects the bootloader of the
> > computer's hard disk drive, essentially acting like a boot virus, he said.

This sounds like an argument for password-protecting your BIOS and
bootloader if anything, and disabling boot from any device except the
primary hdd except when installing.

Rich