USB device registration

[Ralf Mardorf]

Hi,

the good news, hotplugged keyboards are identified, the output might
differ when using X, Wayland or CLI only. The bad news, by default a
hotplugged keyboard is granted instant access. IOW before you connect
an USB data storage device that might fake to be a keyboard, you need to
disable the instant access for hotplugged keyboards.

[rocketmouse at archlinux ~]$ hwinfo --usb | grep -eModel -eVendor -eDriver -A10| grep -eyboard -eXkb | sort -u ## keyboard attached to an PS/2 port
[rocketmouse at archlinux ~]$ hwinfo --usb | grep -eModel -eVendor -eDriver -A10| grep -eyboard -eXkb | sort -u ## the same keyboard attached to an USB3 port
    XkbModel: pc104
    XkbRules: xfree86
  Device Files: /dev/input/event11, /dev/input/by-path/pci-0000:00:14.0-usb-0:1:1.0-event-kbd, /dev/input/by-id/usb-SIGMACHIP_USB_Keyboard-event-kbd
  Device: usb 0x0002 "Keyboard TRACER Gamma Ivory"
  Model: "SiGma Micro Keyboard TRACER Gamma Ivory"
12: USB 00.0: 10800 Keyboard
[rocketmouse at archlinux ~]$ hwinfo --usb | grep -eModel -eVendor -eDriver -A10| grep -eyboard -eXkb | sort -u ## another keyboard attached to the same USB3 port
    XkbModel: pc104
    XkbRules: xfree86
  Device Files: /dev/input/event11, /dev/input/by-path/pci-0000:00:14.0-usb-0:1:1.0-event-kbd, /dev/input/by-id/usb-_USB_Keyboard-event-kbd
  Device Files: /dev/input/event13, /dev/input/by-id/usb-_USB_Keyboard-event-if01
  Device: usb 0x1702 "Keyboard LKS02"
  Model: "Holtek Keyboard LKS02"
12: USB 00.0: 10800 Keyboard

While a faked HID devices can work cross-platform, somebody needs to 
prepare the hardware. Examples on how to do this kind of attacks are
shown by using USB development boards. I suspect that it's virtually
impossible to reprogram a connected USB data storage device by
malware, to fake a keyboard and than to do nasty things beyond a fork
bomb.

Regards,
Ralf