Date: Tue, 20 Jun 2017 11:23:09 +0200
From: Matthias Apitz <guru@unixarea.de>
To: freebsd-questions@freebsd.org
Subject: Fwd: [cros-discuss] Hacking possibility? Real or not?
Message-ID: <20170620092309.GA3634@c720-r314251>

Hello,

In the mailing list about Chromium OS there is some interesting discussion
about some attack vector using a USB plug-in with some Raspberry system behind
it to offer to the OS a USB keyboard and ethernet and in the end take over the
system. More of the discussion here
https://groups.google.com/a/chromium.org/forum/?hl=en#!topic/chromium-os-discuss/UqbGh2kHaVw
and the full technical description here:
https://samy.pl/poisontap/

As far as I can see, the same attack would be possible as well on FreeBSD,
maybe not so easy because the devd(8) must be configured and the module
for ethernet on USB cdce(4) must be loaded in advance.

	matthias

----- Forwarded message from Jim Dantin <jim.dantin@gmail.com> -----

Date: Sun, 18 Jun 2017 15:56:40 -0700 (PDT)
From: Jim Dantin <jim.dantin@gmail.com>
To: Chromium OS discuss <chromium-os-discuss@chromium.org>
Subject: [cros-discuss] Hacking possibility? Real or not?

Mike Frysinger and other Chromium OS experts -

This rather one-sided Microsoft video brings up some interesting claims.
I'll ignore the claim that Windows is more secure, but I wonder about what
really is possible with ChromeOS devices.

https://www.youtube.com/watch?v=DJg-mI3tuaU

I'd like us to get ahead of any more fear mongering by having someone
knowledgeable examine the actual threat.

This appears to be the exploit: https://samy.pl/poisontap/

For a protected mode ChromeOS device, what are the actual vulnerabilities
and dangers?

I expect that a logged in device could be exposed to data theft if the user
(or someone else) plugged in a malicious device, but what about a
locked-screen or logged out device?

For logged in, unlocked devices, what mischief could be done?

Anyone care to be a truth-teller here?

Thanks.

----- End forwarded message -----

--
Matthias Apitz, ✉ guru@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May 8, 1945: Who does not celebrate lost the War.