From: "James B. Byrne" <byrnejb@harte-lyne.ca>
To: freebsd-questions@freebsd.org
Date: Tue, 20 Jun 2017 11:15:58 -0400
Subject: Re: Fwd: [cros-discuss] Hacking possibility? Real or not?

On Tue, June 20, 2017 06:38, Matthew Seaman wrote:
> On 2017/06/20 10:23, Matthias Apitz wrote:
>> In the mailing list about Chromium OS there is some interesting discussion
>> about an attack vector using a USB plug-in with a Raspberry
>> system behind it to offer the OS a USB keyboard and Ethernet and
>> in the end take over the system. More of the discussion here:
>>
>> https://groups.google.com/a/chromium.org/forum/?hl=en#!topic/chromium-os-discuss/UqbGh2kHaVw
>>
>> and the full technical description here:
>>
>> https://samy.pl/poisontap/
>>
>> As far as I can see, the same attack would be possible on
>> FreeBSD as well, maybe not so easily, because devd(8) must be configured
>> and the module for Ethernet over USB, cdce(4), must be loaded in advance.
>>
>
> Isn't this yet another manifestation of physical access to the
> hardware being almost impossible to secure against? Don't plug
> in any strange USB devices, kids, and don't let your portable kit
> out of your control so that other people could take liberties
> with your USB ports either.
Every USB device contains a controller which itself operates on the basis of flashable microcode. Few such controllers have any safeguards against being reprogrammed. Consequently, any physical access to any USB port on a host allows an attacker to permanently corrupt and infect the USB device controller(s) on a target system. As such malware likely contains code to prohibit further reprogramming, the infection is permanent and removal of the affected hardware is the only remedy. On most modern computers this requires discarding the motherboard.

This issue was demonstrated at BlackHat-2014.

To the best of my knowledge, few if any USB device manufacturers provide hardened controllers. IronKey is the only external flash memory device that I know of which claims to. But I have seen nothing respecting host-based controllers.

-- 
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
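The PoisonTap-style gadget Matthias describes is a composite device: it attaches a HID keyboard interface and a USB Ethernet interface from one plug. On FreeBSD those attachments surface as devd(8) USB events, so a host can at least notice the pattern before cdce(4) brings the fake NIC up. The script below is an added example written for this thread, not code from the list, from PoisonTap, or from FreeBSD. It assumes devd's key=value event lines (the `!system=USB subsystem=INTERFACE type=ATTACH ... intclass=... intsubclass=... intprotocol=...` shape written to /var/run/devd.pipe), and uses the USB class codes for a HID boot keyboard (0x03/0x01/0x01), CDC ECM (0x02/0x06) and the usual RNDIS triple (0xe0/0x01/0x03). The sample events at the bottom are constructed, not captured from a real host; the vendor:product pairs in them are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): flag a USB device that attaches BOTH a
# keyboard interface and an Ethernet interface, the composite a PoisonTap-style
# gadget presents. Input: devd(8) USB events, one per line, key=value form.

# scan_events: read devd events on stdin; print "SUSPECT <ugen> <vendor>:<product>"
# as soon as one device has shown both roles. A DEVICE/DETACH for that ugen
# clears its state so a re-plugged device is evaluated afresh.
scan_events() {
    awk '
    {
        $0 = tolower($0)                   # devd prints hex as 0x..; normalise anyway
        sub(/^!/, "", $1)                  # notify lines carry a leading "!"
        split("", kv)                      # portable "clear array"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n) kv[substr($i, 1, n - 1)] = substr($i, n + 1)
        }
        if (kv["system"] != "usb") next
        dev = kv["ugen"]
        if (kv["subsystem"] == "device" && kv["type"] == "detach") {
            delete kbd[dev]; delete eth[dev]; delete seen[dev]; next
        }
        if (kv["subsystem"] != "interface" || kv["type"] != "attach") next
        id[dev] = kv["vendor"] ":" kv["product"]
        if (kv["intclass"] == "0x03" && kv["intsubclass"] == "0x01" && kv["intprotocol"] == "0x01")
            kbd[dev] = 1                   # HID boot-protocol keyboard
        else if ((kv["intclass"] == "0x02" && kv["intsubclass"] == "0x06") ||
                 (kv["intclass"] == "0xe0" && kv["intsubclass"] == "0x01" && kv["intprotocol"] == "0x03"))
            eth[dev] = 1                   # CDC ECM or RNDIS control interface
        if ((dev in kbd) && (dev in eth) && !(dev in seen)) {
            seen[dev] = 1
            printf "SUSPECT %s %s\n", dev, id[dev]
            fflush()
        }
    }'
}

# Constructed sample events (not captured from a real host). ugen0.3 is a
# composite gadget (keyboard + ECM + CDC data); ugen0.4 is a plain keyboard.
# ugen0.3 is then detached and re-plugged, which should fire a second alert.
SAMPLE_EVENTS='!system=USB subsystem=INTERFACE type=ATTACH ugen=ugen0.3 cdev=ugen0.3 vendor=0x1d6b product=0x0104 devclass=0x00 devsubclass=0x00 sernum="" release=0x0100 mode=host interface=0 endpoints=1 intclass=0x03 intsubclass=0x01 intprotocol=0x01
!system=USB subsystem=INTERFACE type=ATTACH ugen=ugen0.3 cdev=ugen0.3 vendor=0x1d6b product=0x0104 devclass=0x00 devsubclass=0x00 sernum="" release=0x0100 mode=host interface=1 endpoints=1 intclass=0x02 intsubclass=0x06 intprotocol=0x00
!system=USB subsystem=INTERFACE type=ATTACH ugen=ugen0.3 cdev=ugen0.3 vendor=0x1d6b product=0x0104 devclass=0x00 devsubclass=0x00 sernum="" release=0x0100 mode=host interface=2 endpoints=2 intclass=0x0a intsubclass=0x00 intprotocol=0x00
!system=USB subsystem=INTERFACE type=ATTACH ugen=ugen0.4 cdev=ugen0.4 vendor=0x046d product=0xc31c devclass=0x00 devsubclass=0x00 sernum="" release=0x6400 mode=host interface=0 endpoints=1 intclass=0x03 intsubclass=0x01 intprotocol=0x01
!system=USB subsystem=DEVICE type=DETACH ugen=ugen0.4 cdev=ugen0.4 vendor=0x046d product=0xc31c devclass=0x00 devsubclass=0x00 sernum="" release=0x6400 mode=host port=4 parent=ugen0.1
!system=USB subsystem=DEVICE type=DETACH ugen=ugen0.3 cdev=ugen0.3 vendor=0x1d6b product=0x0104 devclass=0x00 devsubclass=0x00 sernum="" release=0x0100 mode=host port=3 parent=ugen0.1
!system=USB subsystem=INTERFACE type=ATTACH ugen=ugen0.3 cdev=ugen0.3 vendor=0x1d6b product=0x0104 devclass=0x00 devsubclass=0x00 sernum="" release=0x0100 mode=host interface=0 endpoints=1 intclass=0x03 intsubclass=0x01 intprotocol=0x01
!system=USB subsystem=INTERFACE type=ATTACH ugen=ugen0.3 cdev=ugen0.3 vendor=0x1d6b product=0x0104 devclass=0x00 devsubclass=0x00 sernum="" release=0x0100 mode=host interface=1 endpoints=1 intclass=0x02 intsubclass=0x06 intprotocol=0x00'

# scan_sample: run the detector over the constructed events (two alerts expected)
scan_sample() { printf '%s\n' "$SAMPLE_EVENTS" | scan_events; }

scan_sample
```

For live use one would feed the detector from the devd socket (for example `nc -U /var/run/devd.pipe | scan_events`) and act on a SUSPECT line, for instance by cutting power to that port with `usbconfig -d ugen0.3 power_off`; both of those are suggestions, not something the thread prescribes. Two caveats a practitioner should keep in mind: a legitimate dock or KVM also presents keyboard plus Ethernet, so this is a tripwire for review rather than a verdict, and nothing here addresses the BadUSB point James raises, since a reflashed controller can present whatever descriptors it likes and the attack is only visible at the moment it chooses to enumerate.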