BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell
Julian H. Stacey
jhs at berklix.com
Tue Oct 7 22:37:00 UTC 2014
Hi
Hans Petter Selasky wrote:
> On 10/06/14 22:30, Poul-Henning Kamp wrote:
> > --------
> > In message <201410061956.s96Ju8S3089675 at fire.js.berklix.net>, "Julian H. Stacey
> > " writes:
> >
> >> For FreeBSD,
> >> I guess for serious security, every new device that is connected
> >> & recognised by /sbin/devd should in future be personaly authorised
> >> by a human ! One can no longer trust what reports itself to be
> >> eg a keyboard to actually Be a keyboard, etc.
> >
> > "no longer" ?
> >
> > When you could you *ever* trust a USB device about anything ?
Yes. Can't even trust a memory stick, even when avoiding a reboot,
even when not mounting it.
> Hi,
>
> You should not assume you can trust hardware :-) Especially removable
> hardware.
Yes. That lecture has fortified my lapsed paranoia ;-)
> It is possible to add a sysctl to halt the probing of USB devices, so
> that USB devices can only be detached from the system.
Good idea.
Would provide more protection than my idea of some confirm Yes/No
command called from devd attach, (as a BadUSB device could masquerade
a keyboard device to say Yes).
sysctl -a -d | grep device | rev | sort | rev | more
shows nothing, so I guess it would be nice if someone wrote such a sysctl.
> The problem is
> that if the main input is a USB keyboard and that goes away, you have no
> easy way to recover your system ...
Yes, sometimes some users wouldn't want to enable that sysctl,
but it would allow considerable protection for others. I think it
would be good to have, just a question of which default state at boot,
inhibit off I guess, as now (least suprise).
> Anyway, USB 2.0 and 1.0 are broadcast based, and technically one device
> might highjack the traffic of another one.
So a sysctl would provide more safety, but still not be totaly safe,
best we can do I guess. The end of the lecture alluded to this
masquerading possibility, that devices had no ID encryption key to
prevent it, (& in some cases not even a serial number).
Cheers,
Julian
--
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
Indent previous with "> ". Interleave reply paragraphs like a play script.
Send plain text, not quoted-printable, HTML, base64, or multipart/alternative.
More information about the freebsd-security
mailing list