Date: Mon, 6 Oct 2014 22:01:19 +0200 From: Oliver Pinter <oliver.pntr@gmail.com> To: "Julian H. Stacey" <jhs@berklix.com>, HardenedBSD Developers <dev@hardenedbsd.org> Cc: freebsd-security@freebsd.org, freebsd-usb@freebsd.org Subject: Re: BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell Message-ID: <CAPjTQNGk4XDgeJcu=-LKVV9eajuNG%2BVxiru_6dGomrEG3eCy3Q@mail.gmail.com> In-Reply-To: <201410061956.s96Ju8S3089675@fire.js.berklix.net> References: <201410061956.s96Ju8S3089675@fire.js.berklix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
fwd to HardenedBSD Developers On 10/6/14, Julian H. Stacey <jhs@berklix.com> wrote: > Hi freebsd-usb@freebsd.org, (I suggest replies to usb@) > cc: freebsd-security@freebsd.org FYI > > Ref. article on BadUSB pan OS (non FreeBSD specific) security loophole > http://www.bbc.com/news/technology-29475566 > Dated 6 October 2014 Last updated at 15:29 GMT > > I found https://github.com/search?utf8=%E2%9C%93&q=BadUSB > > Then viewed https://www.youtube.com/watch?v=nuruzFqMgIw > ( Which BTW plays nicely inc. sound on FreeBSD-9.2-RELEASE > + firefox without any flash installed (certainly no > ports/graphics/gnash) > > A fascinating video by Lecturers Karsten Nohl & Jacob Lell at Black Hat > USA 2014, Run time 44:30 ) > (PS for non native English spekers on this global list, dont worry if > you find Jacob's accent hard, Karsten resumes for last 3rd, listen on :-) > > It seems USB controllers (8041 or so based) can first masquerade > one device, then pause & masquerade another device type. This is > an OS independent security list. Lecturers includes both demo of > an MS to Linux contamination, & consideration of other scenarios. > A predominant USB controller manufacturer in Taipei was not happy. > > The lecturers didn't discuss MS or Linux or Android smart phone > protection schemes (except to allude to the danger of someone saying > "Can I plug in my smart phone to your PC to charge it ?". > > It can't be ignored as a smart phone exploit: the demo wasn't with a > smart phone but a `dumb' stick. > > One can't get some protection by checking for sernum connecting, as devd > shows: > - my USB to PS2 adapter (vendor=0x04b4 product=0x8081) emits sernum="" > - my real USB "Havit" keyboard (vendor=0x1241 product=0x1203) emits > sernum="" > > For FreeBSD, > I guess for serious security, every new device that is connected > & recognised by /sbin/devd should in future be personaly authorised > by a human ! One can no longer trust what reports itself to be > eg a keyboard to actually Be a keyboard, etc. > > /usr/src/etc/devd/*.conf & my own .conf do Not meet that awkward > security requirement... yet. I guess we'll need a couple of hooks > that support Yes/No, one from cli & one for within X11. > > There's no security warning section in > http://en.wikipedia.org/wiki/Flash_memory > > Cheers, > Julian > -- > Julian Stacey, BSD Linux Unix'78 C Sys Eng Consultant Munich > http://berklix.com > Indent previous with "> ". Interleave reply paragraphs like a play > script. > Send plain text, not quoted-printable, HTML, base64, or > multipart/alternative. > ShellShock - http://www.berklix.com/~jhs/bash/ > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPjTQNGk4XDgeJcu=-LKVV9eajuNG%2BVxiru_6dGomrEG3eCy3Q>