Fwd: [cros-discuss] Hacking possibility? Real or not?

Valeri Galtsev galtsev at kicp.uchicago.edu
Tue Jun 20 14:52:42 UTC 2017


On Tue, June 20, 2017 5:38 am, Matthew Seaman wrote:
> On 2017/06/20 10:23, Matthias Apitz wrote:
>> In the mailing-list about Chromium OS is some interesting discussion
>> about some attack vector using an USB plug-in with some Raspery system
>> behind to offer to the OS an USB keyboard and ethernet and at the end
>> take over the system. More of the discussion here
>>
>> https://groups.google.com/a/chromium.org/forum/?hl=en#!topic/chromium-os-discuss/UqbGh2kHaVw
>>
>> and the full technical description here:
>>
>> https://samy.pl/poisontap/
>>
>> As far as I can see, the same attack would be possible as well on
>> FreeBSD, maybe not so easy because the devd(8) must be configured and
>> the module for ethernet on USB cdce(4) must be loaded in advance.
>>
>
> Isn't this yet another manifestation of physical access to the hardware
> being almost impossible to secure against?   Don't plug in any strange
> USB devices kids, and don't let your portable kit out of your control so
> that other people could take liberties with your USB ports either.

As they said in system security manual some 30 years ago: the first step
in securing machine is physical security of your box ;-)

Valeri

>
> 	Cheers,
>
> 	Matthew
>
>
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++


More information about the freebsd-questions mailing list