On Sun, 10 Aug 2014 23:24:45 -0500, Mike Schwab <[email protected]> wrote:
>You have to have firmware to run the USB. And in their example they >were able to create a malicious firmware that nothing checks for. It's worse than that - they masquerade as something *else* that *IS* known about, and gets accepted. USB masquerading has been known for a while - but I like their phone trick. Shows imagination. And formatting the device is not going to get rid of it - outside of hardened systems, this is not likely to be stopped. Although you could have your own udev rules in Linux - nobody does that, they just use what Ubuntu sets up; which is basically create a new device node for anything that's plugged in. Whatever it happens to be pretending to be. I can't imagine mickeymouse ware doing any different. Seems businesses are slowly realising they can't allow anyone to plug USB in - but with BYOD now taking off, how's that going to be regulated ?. Shane ... ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
