LWN: Comments on "BadUSB: Clever but not novel"

BadUSB: Clever but not novel

mathstuf — Thu, 21 Aug 2014 17:55:44 +0000

That looks like it. Thanks.

BadUSB: Clever but not novel

raven667 — Thu, 21 Aug 2014 15:24:02 +0000

http://spritesmods.com/?art=hddhack&page=3

Is this what you were thinking of. I bookmarked it because it is so obscure I was concerned it would be never found again

BadUSB: Clever but not novel

mathstuf — Thu, 21 Aug 2014 11:48:51 +0000

I remember there being an article about someone installing Linux to a hard drive *controller* and being able to munge any bits going in or out. Unfortunately, searching for it is proving frustrating this early in the morning.

BadUSB: Clever but not novel

dlang — Wed, 20 Aug 2014 21:32:13 +0000

true, but a bad SATA drive can do all sorts of other nasty stuff to you.

BadUSB: Clever but not novel

mjg59 — Wed, 20 Aug 2014 07:32:45 +0000

Other than SATA not supporting input devices?

BadUSB: Clever but not novel

dlang — Tue, 19 Aug 2014 21:11:09 +0000

I'll point out that in the case of your external hard drive, the drive firmware itself can be reprogrammed via ATA commands, and it doesn't matter if it's plugged in via USB or directly to the motherboard via SATA

BadUSB: Clever but not novel

Baylink — Tue, 19 Aug 2014 19:35:47 +0000

The thing that I see as a potential *actual* attack vector, which this LWN piece didn't address, is a usecase that might actually *happen* in normal use:

1) I unplug my external HDD from my own machine
2) I plug it into someone else's infected machine, which reprograms its USB drive adapter without my knowledge
3) I do my work there
4) I unplug it from their machine
5) I plug it back into my own
6) ATTACK

Everyone seems to be sloughing this off as a Won't Happen If You Do Smart Things case, but I'm not at all sure that's true.

The issue *I* wanted to hear more about is "how wide is the universe of USB device adapters which actually *can* be reprogrammed?" (Ones on which, say, a fuse is not blown forbidding reprogramming)

BadUSB: Clever but not novel

mjg59 — Sat, 16 Aug 2014 08:50:02 +0000

Not really. It's trickier to get any of them to present as an input device, and in the presence of an iommu you shouldn't be able to get them to do arbitrary DMA either.

BadUSB: Clever but not novel

Cyberax — Sat, 16 Aug 2014 06:23:48 +0000

Yeah, have you seen the signs reading: "This sign contains chemicals known to the State of California to cause cancer" or maybe "This product may cause cancer in the State of California"?

BadUSB: Clever but not novel

dlang — Sat, 16 Aug 2014 05:39:45 +0000

This isn't limited to USB devices, you can do the same thing with SD cards, SATA hard drives, PCI network cards, etc (I've seen examples of each of these, it's not just theory)

USB is just the latest to be publicized.

BadUSB: Clever but not novel

dlang — Sat, 16 Aug 2014 05:38:00 +0000

that will be like the California Prop 98 warnings that are on every building "this building contains chemicals known to the state of California to cause cancer"

just make the kernel unconditionally log "the device you just plugged in can be compromised" and you will get just as good a result as trying to maintain a blacklist.

BadUSB: Clever but not novel

mjthayer — Fri, 15 Aug 2014 03:30:16 +0000

I can imagine a world where connecting a known insecure device to your computer would trigger a warning that it might potentially be compromised some time in the future.

BadUSB: Clever but not novel

droundy — Thu, 14 Aug 2014 18:32:42 +0000

Also, the idea of my wireless mouse compromising my own computer if I loan it to someone at a conference has not been on my radar as a threat vector. This is qualitatively different from the danger of plugging an untrusted USB device into my computer. This is the danger of plugging a trusted USB device into someone else's computer.

David

BadUSB: Clever but not novel

job — Thu, 14 Aug 2014 07:57:27 +0000

Novel or not, their work is still very impressive. Reprogramming cheap USB devices bring no end of clever things to do with them.