Date: Wed, 08 Oct 2014 00:36:05 +0200
From: "Julian H. Stacey" <jhs@berklix.com>
To: Hans Petter Selasky <hps@selasky.org>
Cc: freebsd-security@freebsd.org, Poul-Henning Kamp <phk@phk.freebsd.dk>, freebsd-usb@freebsd.org
Subject: Re: BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell
Message-ID: <201410072236.s97Ma56M051223@fire.js.berklix.net>
In-Reply-To: Your message "Mon, 06 Oct 2014 22:48:14 +0200." <5433000E.7000404@selasky.org>

Hi

Hans Petter Selasky wrote:
> On 10/06/14 22:30, Poul-Henning Kamp wrote:
> > --------
> > In message <201410061956.s96Ju8S3089675@fire.js.berklix.net>, "Julian H. Stacey" writes:
> >
> >> For FreeBSD,
> >> I guess for serious security, every new device that is connected
> >> & recognised by /sbin/devd should in future be personally authorised
> >> by a human ! One can no longer trust what reports itself to be
> >> eg a keyboard to actually Be a keyboard, etc.
> >
> > "no longer" ?
> >
> > When could you *ever* trust a USB device about anything ?

Yes. Can't even trust a memory stick, even when avoiding a reboot,
even when not mounting it.

> Hi,
>
> You should not assume you can trust hardware :-) Especially removable
> hardware.

Yes. That lecture has fortified my lapsed paranoia ;-)

> It is possible to add a sysctl to halt the probing of USB devices, so
> that USB devices can only be detached from the system.

Good idea. Would provide more protection than my idea of some
confirm Yes/No command called from devd attach, (as a BadUSB device
could masquerade as a keyboard device to say Yes).

	sysctl -a -d | grep device | rev | sort | rev | more

shows nothing, so I guess it would be nice if someone wrote such a sysctl.

> The problem is
> that if the main input is a USB keyboard and that goes away, you have no
> easy way to recover your system ...

Yes, sometimes some users wouldn't want to enable that sysctl, but
it would allow considerable protection for others. I think it would
be good to have, just a question of which default state at boot,
inhibit off I guess, as now (least surprise).

> Anyway, USB 2.0 and 1.0 are broadcast based, and technically one device
> might hijack the traffic of another one.

So a sysctl would provide more safety, but still not be totally safe,
best we can do I guess. The end of the lecture alluded to this
masquerading possibility, that devices had no ID encryption key to
prevent it, (& in some cases not even a serial number).

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
 Indent previous with "> ". Interleave reply paragraphs like a play script.
 Send plain text, not quoted-printable, HTML, base64, or multipart/alternative.