Date:      Mon, 06 Oct 2014 22:48:14 +0200
From:      Hans Petter Selasky <hps@selasky.org>
To:        Poul-Henning Kamp <phk@phk.freebsd.dk>,  "Julian H. Stacey" <jhs@berklix.com>
Cc:        freebsd-security@freebsd.org, freebsd-usb@freebsd.org
Subject:   Re: BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell
Message-ID:  <5433000E.7000404@selasky.org>
In-Reply-To: <66233.1412627400@critter.freebsd.dk>
References:  <201410061956.s96Ju8S3089675@fire.js.berklix.net> <66233.1412627400@critter.freebsd.dk>

On 10/06/14 22:30, Poul-Henning Kamp wrote:
> --------
> In message <201410061956.s96Ju8S3089675@fire.js.berklix.net>, "Julian H. Stacey" writes:
>
>> For FreeBSD,
>>   I guess for serious security, every new device that is connected
>>   & recognised by /sbin/devd should in future be personally authorised
>>   by a human !  One can no longer trust what reports itself to be
>>   eg a keyboard to actually Be a keyboard, etc.
>
> "no longer" ?
>
> When could you *ever* trust a USB device about anything ?
>

Hi,

You should not assume you can trust hardware :-) Especially removable 
hardware.

It is possible to add a sysctl to halt the probing of USB devices, so 
that USB devices can only be detached from the system. The problem is 
that if the main input is a USB keyboard and that goes away, you have no 
easy way to recover your system ...

Anyway, USB 2.0 and 1.0 are broadcast based, and technically one device 
might hijack the traffic of another one.

--HPS


