From owner-freebsd-usb@FreeBSD.ORG Tue Oct 7 22:37:00 2014
Delivered-To: freebsd-usb@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id 985F9FA0;
	Tue, 7 Oct 2014 22:37:00 +0000 (UTC)
Received: from land.berklix.org (land.berklix.org [144.76.10.75])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 27236ACE;
	Tue, 7 Oct 2014 22:36:59 +0000 (UTC)
Received: from mart.js.berklix.net (p5DCBCF45.dip0.t-ipconnect.de [93.203.207.69])
	(authenticated bits=128)
	by land.berklix.org (8.14.5/8.14.5) with ESMTP id s97MXfdr003288;
	Tue, 7 Oct 2014 22:33:41 GMT
	(envelope-from jhs@berklix.com)
Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41])
	by mart.js.berklix.net (8.14.3/8.14.3) with ESMTP id s97MaaLo089296;
	Wed, 8 Oct 2014 00:36:36 +0200 (CEST)
	(envelope-from jhs@berklix.com)
Received: from fire.js.berklix.net (localhost [127.0.0.1])
	by fire.js.berklix.net (8.14.7/8.14.7) with ESMTP id s97Ma56M051223;
	Wed, 8 Oct 2014 00:36:23 +0200 (CEST)
	(envelope-from jhs@berklix.com)
Message-Id: <201410072236.s97Ma56M051223@fire.js.berklix.net>
To: Hans Petter Selasky
Subject: Re: BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell
From: "Julian H. Stacey"
Organization: http://berklix.com BSD Unix Linux Consultants, Munich Germany
User-agent: EXMH on FreeBSD http://berklix.com/free/
X-URL: http://www.berklix.com
In-reply-to: Your message "Mon, 06 Oct 2014 22:48:14 +0200." <5433000E.7000404@selasky.org>
Date: Wed, 08 Oct 2014 00:36:05 +0200
Cc: freebsd-security@freebsd.org, Poul-Henning Kamp , freebsd-usb@freebsd.org
X-BeenThere: freebsd-usb@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: FreeBSD support for USB
X-List-Received-Date: Tue, 07 Oct 2014 22:37:00 -0000

Hi

Hans Petter Selasky wrote:
> On 10/06/14 22:30, Poul-Henning Kamp wrote:
> > --------
> > In message <201410061956.s96Ju8S3089675@fire.js.berklix.net>, "Julian H. Stacey
> > " writes:
> >
> >> For FreeBSD,
> >> I guess for serious security, every new device that is connected
> >> & recognised by /sbin/devd should in future be personally authorised
> >> by a human ! One can no longer trust what reports itself to be
> >> eg a keyboard to actually Be a keyboard, etc.
> >
> > "no longer" ?
> >
> > When could you *ever* trust a USB device about anything ?

Yes. Can't even trust a memory stick, even when avoiding a reboot, even
when not mounting it.

> Hi,
>
> You should not assume you can trust hardware :-) Especially removable
> hardware.

Yes. That lecture has fortified my lapsed paranoia ;-)

> It is possible to add a sysctl to halt the probing of USB devices, so
> that USB devices can only be detached from the system.

Good idea. Would provide more protection than my idea of some confirm
Yes/No command called from devd attach, (as a BadUSB device could
masquerade a keyboard device to say Yes).

	sysctl -a -d | grep device | rev | sort | rev | more

shows nothing, so I guess it would be nice if someone wrote such a sysctl.

> The problem is
> that if the main input is a USB keyboard and that goes away, you have no
> easy way to recover your system ...

Yes, sometimes some users wouldn't want to enable that sysctl, but it
would allow considerable protection for others.

I think it would be good to have, just a question of which default state
at boot, inhibit off I guess, as now (least surprise).

> Anyway, USB 2.0 and 1.0 are broadcast based, and technically one device
> might highjack the traffic of another one.

So a sysctl would provide more safety, but still not be totally safe,
best we can do I guess.

The end of the lecture alluded to this masquerading possibility, that
devices had no ID encryption key to prevent it, (& in some cases not
even a serial number).

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
 Indent previous with "> ".  Interleave reply paragraphs like a play script.
 Send plain text, not quoted-printable, HTML, base64, or multipart/alternative.
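The masquerading concern in the thread (a device that reports itself as a keyboard, or a memory stick that quietly exposes a keyboard interface too) can at least be made visible from devd(8) events before anyone writes the sysctl discussed above. The following is an added example, not code from this thread, from FreeBSD, or from any of its authors: a POSIX shell classifier for USB attach events in the devctl notification format the FreeBSD USB stack emits (system=USB, subsystem=DEVICE or INTERFACE, type=ATTACH, with ugen, vendor, product and intclass fields; the exact field set is assumed here). It flags every HID-class (0x03) interface and every device that exposes both a mass-storage (0x08) and an input interface. The function names and the sample event lines are constructed for the example; nothing here blocks a device, it only reports.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD: a small
# devd(8)-style USB event classifier for the "device claims to be a keyboard"
# concern. Input lines use the devctl USB notification format
# (system=USB subsystem=DEVICE|INTERFACE type=ATTACH|DETACH key=value ...);
# the field names are assumed from that format, and the sample lines below
# are constructed, not captured from a real host.

# field LINE KEY: print the value of KEY=value in a devd event line
# (a leading "!" on the first key is tolerated); prints nothing if absent.
field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^!*$2=//p" | head -n 1
}

# classify_event LINE: prints one of
#   ignore             not a USB attach event
#   device-attach      a new USB device appeared
#   input-interface    an interface of class 0x03 (HID: keyboard, mouse, ...)
#   storage-interface  an interface of class 0x08 (mass storage)
#   other-interface    any other interface class
classify_event() {
    [ "$(field "$1" system)" = USB ] || { echo ignore; return 0; }
    [ "$(field "$1" type)" = ATTACH ] || { echo ignore; return 0; }
    case "$(field "$1" subsystem)" in
    DEVICE) echo device-attach ;;
    INTERFACE)
        case "$(field "$1" intclass)" in
        0x03) echo input-interface ;;
        0x08) echo storage-interface ;;
        *)    echo other-interface ;;
        esac ;;
    *) echo ignore ;;
    esac
}

# scan_events: read event lines on stdin; print one ALERT line per HID
# interface attach and one COMPOSITE line per device that exposed both a
# storage and an input interface (the "memory stick that is also a keyboard"
# case). Device names are tracked in space-delimited lists, POSIX sh has no arrays.
scan_events() {
    storage=" "
    input=" "
    while IFS= read -r line; do
        ugen=$(field "$line" ugen)
        case "$(classify_event "$line")" in
        input-interface)
            echo "ALERT $ugen vendor=$(field "$line" vendor) product=$(field "$line" product) exposes HID interface $(field "$line" interface)"
            case "$input" in
            *" $ugen "*) ;;                 # already recorded
            *) input="$input$ugen " ;;
            esac
            ;;
        storage-interface)
            storage="$storage$ugen "
            ;;
        esac
    done
    for ugen in $input; do
        case "$storage" in
        *" $ugen "*) echo "COMPOSITE $ugen has both storage and input interfaces" ;;
        esac
    done
}

# Constructed sample event stream (not a real capture): device ugen0.3
# attaches, announces a mass-storage interface, then a HID keyboard
# interface, and finally detaches.
SAMPLE_EVENTS='!system=USB subsystem=DEVICE type=ATTACH ugen=ugen0.3 cdev=ugen0.3 vendor=0x1234 product=0x5678 devclass=0x00 devsubclass=0x00 sernum="" release=0x0100 mode=host port=3 parent=ugen0.1
!system=USB subsystem=INTERFACE type=ATTACH ugen=ugen0.3 cdev=ugen0.3 vendor=0x1234 product=0x5678 devclass=0x00 devsubclass=0x00 sernum="" release=0x0100 mode=host interface=0 endpoints=2 intclass=0x08 intsubclass=0x06 intprotocol=0x50
!system=USB subsystem=INTERFACE type=ATTACH ugen=ugen0.3 cdev=ugen0.3 vendor=0x1234 product=0x5678 devclass=0x00 devsubclass=0x00 sernum="" release=0x0100 mode=host interface=1 endpoints=1 intclass=0x03 intsubclass=0x01 intprotocol=0x01
!system=USB subsystem=DEVICE type=DETACH ugen=ugen0.3 cdev=ugen0.3 vendor=0x1234 product=0x5678 devclass=0x00 devsubclass=0x00 sernum="" release=0x0100 mode=host port=3 parent=ugen0.1'

# Report for the sample stream when the script is run directly.
printf '%s\n' "$SAMPLE_EVENTS" | scan_events
```

On the sample stream this prints one ALERT for interface 1 of ugen0.3 and one COMPOSITE line for the same device. In practice the event lines would come from devd's event stream (for instance a notify rule in devd.conf matching system "USB"), and the output would go to syslog or an alerting pipeline; the point is visibility, since, as the thread notes, a device that can impersonate a keyboard can also answer a Yes/No prompt for itself.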