BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell
Hans Petter Selasky
hps at selasky.org
Mon Oct 6 20:48:20 UTC 2014
On 10/06/14 22:30, Poul-Henning Kamp wrote:
> --------
> In message <201410061956.s96Ju8S3089675 at fire.js.berklix.net>, "Julian H. Stacey
> " writes:
>
>> For FreeBSD,
>> I guess for serious security, every new device that is connected
>> & recognised by /sbin/devd should in future be personaly authorised
>> by a human ! One can no longer trust what reports itself to be
>> eg a keyboard to actually Be a keyboard, etc.
>
> "no longer" ?
>
> When you could you *ever* trust a USB device about anything ?
>
Hi,
You should not assume you can trust hardware :-) Especially removable
hardware.
It is possible to add a sysctl to halt the probing of USB devices, so
that USB devices can only be detached from the system. The problem is
that if the main input is a USB keyboard and that goes away, you have no
easy way to recover your system ...
Anyway, USB 2.0 and 1.0 are broadcast based, and technically one device
might highjack the traffic of another one.
--HPS
More information about the freebsd-security
mailing list