BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell

Julian H. Stacey jhs at berklix.com
Tue Oct 7 22:37:00 UTC 2014 

Hi
Hans Petter Selasky wrote:
> On 10/06/14 22:30, Poul-Henning Kamp wrote:
> > --------
> > In message <201410061956.s96Ju8S3089675 at fire.js.berklix.net>, "Julian H. Stacey
> > " writes:
> >
> >> For FreeBSD,
> >>   I guess for serious security, every new device that is connected
> >>   & recognised by /sbin/devd should in future be personaly authorised
> >>   by a human !  One can no longer trust what reports itself to be
> >>   eg a keyboard to actually Be a keyboard, etc.
> >
> > "no longer" ?
> >
> > When you could you *ever* trust a USB device about anything ?

Yes.  Can't even trust a memory stick, even when avoiding a reboot,
even when not mounting it.


> Hi,
> 
> You should not assume you can trust hardware :-) Especially removable 
> hardware.

Yes. That lecture has fortified my lapsed paranoia ;-)


> It is possible to add a sysctl to halt the probing of USB devices, so 
> that USB devices can only be detached from the system.

Good idea.  
Would provide more protection than my idea of some confirm Yes/No
command called from devd attach, (as a BadUSB device could masquerade
a keyboard device to say Yes).

	sysctl -a -d | grep device | rev | sort | rev | more
shows nothing, so I guess it would be nice if someone wrote such a sysctl.


> The problem is 
> that if the main input is a USB keyboard and that goes away, you have no 
> easy way to recover your system ...

Yes, sometimes some users wouldn't want to enable that sysctl,
but it would allow considerable protection for others.  I think it
would be good to have, just a question of which default state at boot,
inhibit off I guess, as now (least suprise).


> Anyway, USB 2.0 and 1.0 are broadcast based, and technically one device 
> might highjack the traffic of another one.

So a sysctl would provide more safety, but still not be totaly safe,
best we can do I guess.  The end of the lecture alluded to this
masquerading possibility, that devices had no ID encryption key to
prevent it, (& in some cases not even a serial number).

Cheers,
Julian
-- 
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
 Indent previous with "> ".  Interleave reply paragraphs like a play script.
 Send plain text, not quoted-printable, HTML, base64, or multipart/alternative.

More information about the freebsd-security mailing list