Re: unfixable usb porthole

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 17 Oct 2014, Greg KH wrote:

> > now that is harming the user even if the code to do it is 100% 
> > nicely written legal code.
> 
> Again, there should never be a way for a USB device to arbitrarily
> execute code on your processor.  That's not part of the USB spec, and
> does not happen on Linux at all.  If it does, please let us know and it
> will be fixed.  So far, none of the "BadUSB" stuff actually does this,
> so that is not an issue.

On Fri, 17 Oct 2014, Peter Stuge wrote:

> It should become clear that what you describe just isn't possible.
> 
> Not everything that is published (on internet or elsewhere) is
> actually correct.

I don't think the situation is quite so rosy as you guys seem to 
believe.

Given the ability to update a USB device's firmware, a black hat can 
easily modify the firmware of an innocent-looking USB flash drive.  The 
new firmware can include an HID interface that presents itself to the 
host as a keyboard.

When an unsuspecting user plugs the device into his computer, any data 
sent out by the bad firmware over the keyboard interface will appear 
(to the host) as if it was typed directly by the user.  Therefore the 
device would be able to do practically anything the user could.

It wouldn't exactly be "silent", but it could be quite insidious.

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux