Announcement

Collapse
No announcement yet.

More Than One Dozen USB Vulnerabilities Published For The Linux Kernel

Collapse
X
Collapse
 
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • #11
    Originally posted by schmidtbag View Post
    I'm not saying these vulnerabilities shouldn't be fixed, but these issues are hardly worth worrying about.
    I would not say this either remember the virtual machine hack case by floppy drive part of qemu. Now the other thing is USB is not as localised as one would think.

    People forget USB/IP http://usbip.sourceforge.net/ a lot of these faults in usb drivers has been found by using a fuzzier exploiting this. USB/IP is in Linux kernel and of course this means if you are using USB/IP for some-reason its now a local network exploitable fault and possible further.

    USB to standard should fail safely from a direct short. This is why usb-killer uses capacitors to put increased voltage and amps back in. Ports with proper protection should not die from a usb-killer but majority of usb ports don't have proper protection.
    Last edited by oiaohm; 07 November 2017, 06:43 PM.

    Comment

    • #12
      Originally posted by M@GOid View Post
      Heh, I can see a Corsair Voyager on that photo. Mine is a 1GB model and the first flashdrive I ever owned. And the damn thing still works more than 10 years later!
      Yep, I'd also say that's a Voyager. Awesome things. I bought two because they're just robust. I also have one near-ancient 256 MB stick and it's still going. Other flash sticks went boom after 3 uses (not fully written, more like 3 power cycles at all). So much crap sold these days, you're happy once you see these 5+ year warranty things.

      on the news:
      Physical access and specially crafted... so kinda BadUSB. Should be fixed, yes, but this still is a moderate weakness.
      Stop TCPA, stupid software patents and corrupt politicians!

      Comment

      • #13
        Originally posted by M@GOid View Post
        Heh, I can see a Corsair Voyager on that photo. Mine is a 1GB model and the first flashdrive I ever owned. And the damn thing still works more than 10 years later!
        Oh you sweet summer child. I remember I got my first flash drive in High School because I was sick of having to re-format my floppies on a daily basis. 128MB of sweet sweet storage: https://www.dhresource.com/260x260s/...memory-usb.jpg

        Nobody at the school would believe me that I could hold approx 88 floppies worth of files on it.

        I also had one of these a couple of years after just high school:
        http://imshopping.rediff.com/imgshop...ve-with-fm.jpg I could fit about 50 full-length songs on it, and listen to almost all of them before the battery went flat!
        • Likes 1

        Comment

        • #14
          Originally posted by flubba86 View Post

          Oh you sweet summer child. I remember I got my first flash drive in High School because I was sick of having to re-format my floppies on a daily basis. 128MB of sweet sweet storage: https://www.dhresource.com/260x260s/...memory-usb.jpg

          Nobody at the school would believe me that I could hold approx 88 floppies worth of files on it.

          I also had one of these a couple of years after just high school:
          http://imshopping.rediff.com/imgshop...ve-with-fm.jpg I could fit about 50 full-length songs on it, and listen to almost all of them before the battery went flat!
          I remember those days. I became a heavy CD-RW user after a awful weekend were after a 45 min. bus ride from a friend's house, a pack of floppies failed me. When flash drivers became larger than a CD and affordable, I finally bought one. It was a dream, compact, fast, crash proof, no more pain because a little scratch made your brand new CD-RW unreadable. Those were the days.

          Comment

          • #15
            Originally posted by Adarion View Post

            Yep, I'd also say that's a Voyager. Awesome things. I bought two because they're just robust. I also have one near-ancient 256 MB stick and it's still going. Other flash sticks went boom after 3 uses (not fully written, more like 3 power cycles at all). So much crap sold these days, you're happy once you see these 5+ year warranty things.
            This Voyager of mine got a little forgotten after the default distro iso file became larger than 1 GB. I lost a bunch of other more modern, spacious flashdrives. The last one was a pornographically fast Lexar P20. The damn thing entered in write protected mode after only a couple months of use. If I do not manage to get a new one in a RMA, I thinking of buying a new Voyager, just to see if they still make them like they used to.

            Comment

            • #16
              Originally posted by oooverclocker View Post
              Thanks to the person or people who have found out about these vulnerabilities! Every security hole that is found or denied is a huge step forward.
              Make Linux Great Again!
              • Likes 1

              Comment

              • #17
                Rust: the "should've gone to Specsavers" of programming languages.

                Comment

                • #18
                  Originally posted by carewolf View Post
                  Well, among the non-exploit basic features of the USB-bus is to take control of the computer as if you were a local user connected by USB keyboard and mouse.
                  Originally posted by schmidtbag View Post
                  Seeing as you have to have a specially-made device and physical access to the PC, there's a much easier way to inconvenience someone:
                  Same reaction here :

                  - It's good that these bugs were fixed, for the overall quality of the Linux kernel

                  - I seriously doubt that there are many "in the wild" actual exploits targetting these bugs : if you have access to the USB bus and require a custom device, there are much better way to hack machine. Mainly by custom devices masquerading as "innocent-looking memory stick lost in the street" but who suddenly turn into a couple of other legitimate USB classes (e.g.: keyboard/mouse) when the victim isn't looking.

                  - if actual physical access to the machine is available (and not only to the USB bus) you could even go all the way to a USB Keygrabber and stick it between the keyboard and the target machine. No need to even hack into the machine.


                  Comment

                  • #19
                    Seems someone has ran fuzzer on usb. Though if someone could plug rogue usb device, you're pretty much screwed already since it could act like e.g. usb keyboard and try to type some smartass commands assuming there is e.g. root prompt. Or maybe just try to reboot computer, turn into USB flash and boot OS on top of bootkit to ensure things are totally backdoored. One could protect against BadUSB but it's not like if common Linux setups are protected against it. So if someone would up for attacking via USB, BadUSB is far more viable compared to some (already fixed) bugs.

                    Comment

                    Previous 1 2 template Next
                    Working...
                    X