
Re: Find something in the street and plug it in.

I wrote:

> Web search for 'evil maid attack' for reasons why you should probably
> think once, think twice, think three times before plugging an unknown USB
> device into any computer you care about.  Or start here:
> https://en.wikipedia.org/wiki/Evil_maid_attack
> https://en.wikipedia.org/wiki/Juice_jacking#Mitigation

On closer examination, the first of those two links doesn't appear to
really address the USB part of this problem at all, and I'm not sure
offhand what's a better link about the general USB problem, though Qubes
OS's page is one starting point:


And the 'BadUSB' pages:
https://opensource.srlabs.de/projects/badusb  (see link 'Introductory
blog post' in particular)

The crux of the problem is that any USB device, if so reprogrammed by a
hostile party, can suddenly start acting like a different USB device
class than it appears to be, and taking actions hostile to the
administrator.  I believe I've seen a few stabs at a hardware
countermeasure like a dongle you interpose between your computer's USB
port and an outboard device.  You set a control on the dongle to permit,
say, only USB HID-class (human interface device, such as keyboard and
mouse) operations.  If the device attempts to suddenly say to the host
computer 'OK, I'm actually a mountable mass storage device', the dongle
intercepts that USB instruction and doesn't allow it through.  Likewise
if it's supposed to be a scanner, just a USB cable, etc., but upon
connection it says to the host computer 'Actually, I'm an HID-class
device.'  But I cannot remember where I saw that implemented, or
(actually) if I merely saw the idea discussed but not yet implemented.

To keep informed on these sorts of things, I recommend following Brian
Krebs's 'Krebs on Security' and Bruce Schneier's blog.

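
The class-filtering decision described in the message above, sketched as a host-side check over a device's USB configuration descriptor. This is an added example, not part of the original post or of any product it mentions; the sample descriptors are constructed, and the function names and the allowlist are assumptions made for illustration.

```python
import struct

DT_CONFIG, DT_INTERFACE = 0x02, 0x04
CLASS_NAMES = {0x03: "HID", 0x08: "mass storage", 0x09: "hub"}

def interface_classes(config: bytes) -> list:
    """Return (bInterfaceNumber, bInterfaceClass) for every interface descriptor."""
    if len(config) < 9 or config[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config, 2)[0]   # wTotalLength, little-endian
    if not 9 <= total <= len(config):
        raise ValueError("bad wTotalLength")
    found, pos = [], 0
    while pos < total:
        if pos + 2 > total:
            raise ValueError("truncated descriptor header")
        length, dtype = config[pos], config[pos + 1]
        if length < 2 or pos + length > total:
            raise ValueError("malformed descriptor length")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError("short interface descriptor")
            found.append((config[pos + 2], config[pos + 5]))
        pos += length
    return found

def violations(config: bytes, allowed: set) -> list:
    """Describe each interface whose class is outside the permitted set."""
    try:
        ifaces = interface_classes(config)
    except ValueError as exc:
        return [f"rejected: {exc}"]   # unparseable descriptors fail closed
    return [f"interface {n}: class 0x{c:02x} ({CLASS_NAMES.get(c, 'other')}) not permitted"
            for n, c in ifaces if c not in allowed]

# --- Constructed sample descriptors (not captured from real hardware) ---
def _iface(num, cls, sub, proto, n_ep):
    return bytes([9, DT_INTERFACE, num, 0, n_ep, cls, sub, proto, 0])

def _config(n_ifaces, body):
    header = bytes([9, DT_CONFIG]) + struct.pack("<H", 9 + len(body))
    return header + bytes([n_ifaces, 1, 0, 0x80, 50]) + body

BULK_EPS = bytes([7, 5, 0x81, 2, 0, 2, 0]) + bytes([7, 5, 0x02, 2, 0, 2, 0])
STORAGE = _iface(0, 0x08, 0x06, 0x50, 2) + BULK_EPS
KEYBOARD = (_iface(1, 0x03, 0x01, 0x01, 1) + bytes([9, 0x21, 0x11, 1, 0, 1, 0x22, 0x3F, 0])
            + bytes([7, 5, 0x83, 3, 8, 0, 10]))
FLASH_DRIVE = _config(1, STORAGE)                # declares mass storage only
REPROGRAMMED = _config(2, STORAGE + KEYBOARD)    # same stick, now also declaring a keyboard
```

A check like this sees only what the device declares at enumeration, so it has to run again every time the device re-enumerates.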