USB device registration
Keith
keith at caramail.com
Sun Jan 30 19:43:49 UTC 2022
On 1/30/22 12:28 AM, rikona wrote:
[snip]
>
> Thanks much for the reply. I installed hwinfo and can see the device(s).
> I'm familiar with how the exploit works, which is why I asked how to see
> it. And it does work immediately, unfortunately. Tricky to avoid this.
> I have a real USB keyboard so can't disable that in the comp to avoid
> the 'instant' problem. Is there a way to just disable one selected port
> on the internal root usb Linux hub on the MB?
>
> Or, is there another way to selectively disable just that USB keyboard
> and allow other USB keyboards to work? Or, wild idea - would a virtual
> comp/OS shield the hardware box from being infected, or does this run
> at a MB level?
>
> BTW - there is S/W that can install this kind of malware on any USB
> device, by essentially upgrading the firmware. Easier to do than I
> first thought - any good hack could do it. Major potential threat.
>
> Anyway, thanks for the info re how to see it. Now need a way to see it
> WITHOUT HAVING IT DO ANYTHING TO A COMP with an operating USB keyboard.
>
> All ideas much appreciated.
>
1. Plug any untrusted USB devices into an air-gapped system and monitor
the logs for any unusual behavior, i.e. a storage device identifying
itself as a keyboard.
2. Install the usbguard package
"The USBGuard software framework helps to protect your computer against
rogue USB devices (a.k.a. BadUSB) by implementing basic whitelisting and
blacklisting capabilities based on device attributes."
https://usbguard.github.io/
--
Keith
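
The check from step 1, as an added example that is not part of the original post: a POSIX shell function that walks the Linux sysfs USB tree and lists every device exposing a HID interface (class 03), marking it SUSPECT when the same device also exposes mass storage (class 08). The function names `attr` and `usb_hid_audit` are hypothetical; the sysfs attribute names are the standard kernel ones.

```shell
#!/bin/sh
# Added example (not from the original post): report every USB device that
# exposes a HID interface, and flag those that also expose mass storage.
# Reads the standard Linux sysfs attributes; run it on the isolated test box.

# Print a sysfs attribute, or nothing if it is missing or unreadable.
attr() { cat "$1" 2>/dev/null || true; }

# usb_hid_audit [ROOT]  (ROOT defaults to the kernel's USB device directory)
usb_hid_audit() {
    root=${1:-/sys/bus/usb/devices}
    for dev in "$root"/*; do
        # Only device entries carry idVendor; interface entries (1-2:1.0) do not.
        [ -e "$dev/idVendor" ] || continue
        hid=no; kbd=no; storage=no
        for ifc in "$dev":*; do
            [ -e "$ifc/bInterfaceClass" ] || continue
            case $(attr "$ifc/bInterfaceClass") in
                03) hid=yes     # HID; protocol 01 is the boot keyboard protocol
                    if [ "$(attr "$ifc/bInterfaceProtocol")" = 01 ]; then kbd=yes; fi ;;
                08) storage=yes ;;  # mass storage
            esac
        done
        [ "$hid" = yes ] || continue
        verdict=review
        if [ "$storage" = yes ]; then verdict=SUSPECT; fi
        printf '%s %s %s:%s keyboard=%s storage=%s (%s)\n' "$verdict" "${dev##*/}" \
            "$(attr "$dev/idVendor")" "$(attr "$dev/idProduct")" \
            "$kbd" "$storage" "$(attr "$dev/product")"
    done
    return 0
}

usb_hid_audit
```

A `review` line only says the device is able to send input events, so compare it with what the device is supposed to be; a drive that shows up here at all deserves a closer look.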