Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 20 Jun 2017 11:38:30 +0100
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: Fwd: [cros-discuss] Hacking possibility? Real or not?
Message-ID:  <9aba32b6-f960-beb4-94bf-b8b3b780ef69@FreeBSD.org>
In-Reply-To: <20170620092309.GA3634@c720-r314251>
References:  <20170620092309.GA3634@c720-r314251>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--lgAq7nd8wOVTEHehNkJ9a16qsB8lpav1p
Content-Type: multipart/mixed; boundary="AAC6Sxt1lkKAHqvHmLKBiu2hA8RAQCOiN";
 protected-headers="v1"
From: Matthew Seaman <matthew@FreeBSD.org>
To: freebsd-questions@freebsd.org
Message-ID: <9aba32b6-f960-beb4-94bf-b8b3b780ef69@FreeBSD.org>
Subject: Re: Fwd: [cros-discuss] Hacking possibility? Real or not?
References: <20170620092309.GA3634@c720-r314251>
In-Reply-To: <20170620092309.GA3634@c720-r314251>

--AAC6Sxt1lkKAHqvHmLKBiu2hA8RAQCOiN
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 2017/06/20 10:23, Matthias Apitz wrote:
> In the mailing-list about Chromium OS is some interesting discussion
> about some attack vector using an USB plug-in with some Raspery system
> behind to offer to the OS an USB keyboard and ethernet and at the end
> take over the system. More of the discussion here=20
>=20
> https://groups.google.com/a/chromium.org/forum/?hl=3Den#!topic/chromium=
-os-discuss/UqbGh2kHaVw
>=20
> and the full technical description here:
>=20
> https://samy.pl/poisontap/
>=20
> As far as I can see, the same attack would be possible as well on
> FreeBSD, maybe not so easy because the devd(8) must be configured and
> the module for ethernet on USB cdce(4) must be loaded in advance.
>=20

Isn't this yet another manifestation of physical access to the hardware
being almost impossible to secure against?   Don't plug in any strange
USB devices kids, and don't let your portable kit out of your control so
that other people could take liberties with your USB ports either.

	Cheers,

	Matthew



--AAC6Sxt1lkKAHqvHmLKBiu2hA8RAQCOiN--

--lgAq7nd8wOVTEHehNkJ9a16qsB8lpav1p
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQJ8BAEBCgBmBQJZSPssXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw
MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnpaMQAJTyxARfWxvNc2eputI91hEy
S7vyqeizc5qpK7vd4kv2oOD5mT2b3CVSocgPwgc6bpO29qpE03HBQT/ozxAt67ZS
4lpvNk/IsNv+t0XBX8kl6g2jS7sSZ7Ojw5dvD+NqIo8j0bUeRAKYWKi/8euMm8wd
d4UaOZMjDFxYOlqULdsXK7LyRBh6ZCQP4Gr1Q+8BCltrqc6OCloU0Cqsvft2BfzE
P74LtcrunTCzoVy31TtY9dl2FGDabnyJs0OKhWAn9qAuS6HjXKLM4yYkIVlzcuUG
dzqpehC7k5SbYXWNTwMc3UcN0F4SsbuafEZ+2gAtLruFTEuRQJ/8RB5wFre7PZUm
WkC/i82cLfVcKcivadM08vEdApvEnHOvAfeiJp0dsiPgFksYD9FBO6O4lkKrwvrC
FFgWnWLZaHQpaeAq3ppmonCtBIKN+rljL8Xe8ml0qzayw1KgVP2xq3hwzXQJOw9D
KbrYmuKEzd2+jT6+kHgoghbT+dyPFhoKsQij6+rocAQYV5KkjHZLNsmIhSP55ZYo
R971APLRdIjjdVcLS8OTXWShjHz+jH/s+Ifr4/7YGsYwZU2fR6MTBxGxiBZYTjg3
YD4WHsxBsKc9pwKipctImGUXrAbDg5kXh/pUV+DUwZFbXZ/daPbdFdSi7vl5a184
Jo6eIjn48fAv19aw+3oh
=kzVJ
-----END PGP SIGNATURE-----

--lgAq7nd8wOVTEHehNkJ9a16qsB8lpav1p--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9aba32b6-f960-beb4-94bf-b8b3b780ef69>