From: Oliver Pinter
Date: Mon, 6 Oct 2014 22:01:19 +0200
Subject: Re: BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell
To: "Julian H. Stacey", HardenedBSD Developers
Cc: freebsd-security@freebsd.org, freebsd-usb@freebsd.org
List-Id: FreeBSD support for USB

fwd to HardenedBSD Developers

On 10/6/14, Julian H. Stacey wrote:
> Hi freebsd-usb@freebsd.org, (I suggest replies to usb@)
> cc: freebsd-security@freebsd.org FYI
>
> Ref. article on BadUSB pan OS (non FreeBSD specific) security loophole
> http://www.bbc.com/news/technology-29475566
> Dated 6 October 2014 Last updated at 15:29 GMT
>
> I found https://github.com/search?utf8=%E2%9C%93&q=BadUSB
>
> Then viewed https://www.youtube.com/watch?v=nuruzFqMgIw
> ( Which BTW plays nicely inc. sound on FreeBSD-9.2-RELEASE
> + firefox without any flash installed (certainly no
> ports/graphics/gnash)
>
> A fascinating video by Lecturers Karsten Nohl & Jakob Lell at Black Hat
> USA 2014, Run time 44:30 )
> (PS for non native English speakers on this global list, don't worry if
> you find Jakob's accent hard, Karsten resumes for last 3rd, listen on :-)
>
> It seems USB controllers (8041 or so based) can first masquerade
> one device, then pause & masquerade another device type. This is
> an OS independent security list. Lecturers includes both demo of
> an MS to Linux contamination, & consideration of other scenarios.
> A predominant USB controller manufacturer in Taipei was not happy.
>
> The lecturers didn't discuss MS or Linux or Android smart phone
> protection schemes (except to allude to the danger of someone saying
> "Can I plug in my smart phone to your PC to charge it ?").
>
> It can't be ignored as a smart phone exploit: the demo wasn't with a
> smart phone but a `dumb' stick.
>
> One can't get some protection by checking for sernum connecting, as devd
> shows:
> - my USB to PS2 adapter (vendor=0x04b4 product=0x8081) emits sernum=""
> - my real USB "Havit" keyboard (vendor=0x1241 product=0x1203) emits
>   sernum=""
>
> For FreeBSD,
> I guess for serious security, every new device that is connected
> & recognised by /sbin/devd should in future be personally authorised
> by a human ! One can no longer trust what reports itself to be
> eg a keyboard to actually Be a keyboard, etc.
>
> /usr/src/etc/devd/*.conf & my own .conf do Not meet that awkward
> security requirement... yet. I guess we'll need a couple of hooks
> that support Yes/No, one from cli & one for within X11.
>
> There's no security warning section in
> http://en.wikipedia.org/wiki/Flash_memory
>
> Cheers,
> Julian
> --
> Julian Stacey, BSD Linux Unix'78 C Sys Eng Consultant Munich
> http://berklix.com
> Indent previous with "> ". Interleave reply paragraphs like a play
> script.
> Send plain text, not quoted-printable, HTML, base64, or
> multipart/alternative.
> ShellShock - http://www.berklix.com/~jhs/bash/
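
Added example, not part of the original thread and not FreeBSD code: a sketch of the human-authorisation gate proposed above for devices reported by devd. It also holds any port that showed another interface class before presenting a keyboard-class interface. The event lines are constructed; the key names other than vendor, product and sernum (intclass, port, parent) and the UsbGate class are assumptions of this example.

```python
import shlex

HID = 0x03  # USB interface class code for keyboards and mice

# Constructed sample notifications in devd's key=value style (not captured).
SAMPLE = [
    '!system=USB subsystem=INTERFACE type=ATTACH vendor=0x1241 product=0x1203 '
    'sernum="" port=1 parent=ugen1.1 intclass=0x03',   # the approved keyboard
    '!system=USB subsystem=INTERFACE type=ATTACH vendor=0x1234 product=0x5678 '
    'sernum="" port=2 parent=ugen1.1 intclass=0x08',   # unknown storage stick
    '!system=USB subsystem=INTERFACE type=ATTACH vendor=0x1234 product=0x5678 '
    'sernum="" port=2 parent=ugen1.1 intclass=0x03',   # same port, now a keyboard
]


def parse_event(line):
    """Split one notification into a dict; sernum="" becomes an empty string."""
    pairs = (tok.partition("=") for tok in shlex.split(line.lstrip("!")))
    return {key: value for key, sep, value in pairs if sep}


class UsbGate:
    """Allow only human-approved (vendor, product, class) triples."""

    def __init__(self, approved):
        self.approved = set(approved)
        self.history = {}   # (parent, port) -> interface classes seen there

    def check(self, line):
        ev = parse_event(line)
        kind = (ev.get("system"), ev.get("subsystem"), ev.get("type"))
        if kind != ("USB", "INTERFACE", "ATTACH") or "intclass" not in ev:
            return "ignore"
        cls = int(ev["intclass"], 16)
        # History survives detach: a device that re-enumerates looks like
        # an unplug followed by a replug on the same port.
        seen = self.history.setdefault((ev.get("parent"), ev.get("port")), set())
        switched = cls == HID and bool(seen - {HID})
        seen.add(cls)
        if switched:
            return "hold-switched"   # port showed another class before HID
        # sernum is not part of the key: it is empty on ordinary devices.
        if (ev.get("vendor"), ev.get("product"), cls) in self.approved:
            return "allow"
        return "hold"                # needs a yes/no from a person


def run_samples():
    gate = UsbGate({("0x1241", "0x1203", HID)})
    return [gate.check(line) for line in SAMPLE]
```

Both "hold" results are the points where the cli or X11 Yes/No hook mentioned in the message would be called.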