Date: Tue, 20 Jun 2017 09:33:38 -0500 (CDT)
Subject: Re: Fwd: [cros-discuss] Hacking possibility? Real or not?
From: "Valeri Galtsev"
To: "Matthew Seaman"
Cc: freebsd-questions@freebsd.org

On Tue, June 20, 2017 5:38 am, Matthew Seaman wrote:
> On 2017/06/20 10:23, Matthias Apitz wrote:
>> In the mailing-list about Chromium OS is some interesting discussion
>> about some attack vector using a USB plug-in with some Raspberry system
>> behind to offer to the OS a USB keyboard and ethernet and at the end
>> take over the system. More of the discussion here
>>
>> https://groups.google.com/a/chromium.org/forum/?hl=en#!topic/chromium-os-discuss/UqbGh2kHaVw
>>
>> and the full technical description here:
>>
>> https://samy.pl/poisontap/
>>
>> As far as I can see, the same attack would be possible as well on
>> FreeBSD, maybe not so easy because the devd(8) must be configured and
>> the module for ethernet on USB cdce(4) must be loaded in advance.
>>
>
> Isn't this yet another manifestation of physical access to the hardware
> being almost impossible to secure against? Don't plug in any strange
> USB devices kids, and don't let your portable kit out of your control so
> that other people could take liberties with your USB ports either.

As they said in system security manual some 30 years ago: the first step
in securing machine is physical security of your box ;-)

Valeri

>
> Cheers,
>
> Matthew
>
>
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++