Linux 6.13 To Enhance Logic For Trusting Built-In Thunderbolt Controllers
Originally posted by uid313:
No, the user wouldn't because the user wouldn't know about it because the USB device would inject the keypresses when the computer was idle and the user not present at the computer. The strange behavior would be so fast to open a terminal, and run some command that the user wouldn't even notice it even if he was there. Even if the user saw it, the user would just ignore it and think it was some normal system update operation happening in the background.
Rubber Duck, Flipper and Co can input all the keystrokes they want if they end up on the lock screen and get counted as invalid logins, shown to you when you come back to the computer.
For example with swaylock --show-failed-attempts
Originally posted by uid313:
No, you can plug in any USB device and the system will blindly trust it.
Originally posted by uid313:
Then it should require input devices to be present before boot.
It should display a message like "an input device has been plugged in, if you want to use it, you have to reboot".
Or it needs to be whitelisted in the UEFI settings so that UEFI can use it, but the OS can only allow inputs from an input device after it has been whitelisted in the UEFI.
Originally posted by uid313:
Then it should require input devices to be present before boot.
It should display a message like "an input device has been plugged in, if you want to use it, you have to reboot".
Or it needs to be whitelisted in the UEFI settings so that UEFI can use it, but the OS can only allow inputs from an input device after it has been whitelisted in the UEFI.
Originally posted by Anux:
And? The user would take its PC to a professional to have a look at that strange behavior, just typing stuff at random times will result in various symptoms but is hardly a reliable exploit, you would want to wait until there is an admin terminal open for which you need some way of informing your "keyboard" about that. Are you seriously comparing this to DMA?
Originally posted by reba:
Only if the host system trusts the device, accepts its connection and hooks it up.
Originally posted by billyswong:
We should figure out a way to fix it, but it may not be the job of the kernel to handle that as it is more a social engineering problem.
Imagine you get a laptop with a broken keyboard and touchpad. You definitely don't want your external keyboard and mouse to be blocked from accessing the computer. No, requiring explicit approval unless the new keyboard/mouse is the only input device doesn't work. The broken internal keyboard and touchpad may be still sending alive signal to the computer.
It should display a message like "an input device has been plugged in, if you want to use it, you have to reboot".
Or it needs to be whitelisted in the UEFI settings so that UEFI can use it, but the OS can only allow inputs from an input device after it has been whitelisted in the UEFI.
Originally posted by uid313:
Meanwhile anyone can just plug in a USB device that looks like a USB storage device but is actually identified as a USB HID class and inserts keystrokes to open terminal and type stuff?
USB is just blindly trusted?
Imagine you get a laptop with a broken keyboard and touchpad. You definitely don't want your external keyboard and mouse to be blocked from accessing the computer. No, requiring explicit approval unless the new keyboard/mouse is the only input device doesn't work. The broken internal keyboard and touchpad may be still sending alive signal to the computer.
Originally posted by uid313:
Meanwhile anyone can just plug in a USB device that looks like a USB storage device but is actually identified as a USB HID class and inserts keystrokes to open terminal and type stuff?
USB is just blindly trusted?
Originally posted by uid313:
Yes, but any USB device whether it looks like a USB flash storage or a camera or a scanner can identify as USB human interface device (HID) as if it was a USB keyboard and start automatically injecting keystrokes as if they were typed by the user.
Originally posted by uid313:
... USB human interface device (HID) as if it was a USB keyboard and start automatically injecting keystrokes as if they were typed by the user.
Originally posted by colejohnson66:
USB is less powerful than Thunderbolt. USB can only access what the OS allows, whereas Thunderbolt can issue DMA transfers, access other PCIe devices, and more.
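Added example, not written by anyone in this thread: for the question of whether a newly attached USB device is trusted as a keyboard, this script reads Linux sysfs to list devices that present a HID interface, flags those that also present mass storage, and reports each host controller's authorized_default policy. The function names are hypothetical; the sysfs attributes (bInterfaceClass, authorized, authorized_default, product) are the kernel's standard USB ones.

```python
import os

HID, MASS_STORAGE = "03", "08"  # USB-IF interface class codes (hex, as sysfs prints them)

def _read(path):
    """Return the stripped contents of a sysfs attribute, or None if unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

def scan_usb(root="/sys/bus/usb/devices"):
    """Return one record per USB device that exposes a HID interface."""
    devices = {}
    for name in sorted(os.listdir(root)):
        if ":" not in name:  # interface entries look like "1-2:1.0"
            continue
        cls = _read(os.path.join(root, name, "bInterfaceClass"))
        if cls:
            devices.setdefault(name.split(":")[0], set()).add(cls.lower())
    findings = []
    for dev, classes in devices.items():
        if HID not in classes:
            continue
        base = os.path.join(root, dev)
        findings.append({
            "device": dev,
            "product": _read(os.path.join(base, "product")),
            "authorized": _read(os.path.join(base, "authorized")) == "1",
            # a "flash drive" that also registers as a keyboard deserves a look
            "also_storage": MASS_STORAGE in classes,
        })
    return findings

def default_policy(root="/sys/bus/usb/devices"):
    """Map each host controller (usbN) to its authorized_default value.
    0 means newly attached devices stay deauthorized until user space
    writes 1 to the device's 'authorized' attribute."""
    return {n: _read(os.path.join(root, n, "authorized_default"))
            for n in sorted(os.listdir(root)) if n.startswith("usb")}

if __name__ == "__main__":
    print(default_policy())
    for finding in scan_usb():
        print(finding)
```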