Disallowance of USB insertion is fairly common in "corporate" PCs. Yes, it is a 
BIOS or registry setting.

It is also possible to monitor and report USB insertions to a corporate 
security operations center. I have written software to do so for my employer. 
(OT to mainframes, of course.)

Charles
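As an added illustration of the kind of monitoring Charles describes (this is example code written for this page, not his employer's software), the script below parses Linux kernel log lines for USB enumeration events, groups them into one record per inserted device, checks the device against a hypothetical corporate allow-list, and emits a report record per device that a SOC collector could ingest. It also flags the masquerade pattern discussed further down the thread: a device that enumerates as mass storage but additionally presents a keyboard interface. The log lines, vendor/product ids and allow-list entries are constructed sample data; the `ALLOW_LIST`, `parse_insertions`, `evaluate` and `soc_report` names are the example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of Linux kernel log lines (dmesg style) showing two USB
# insertions.  These lines are fabricated for the example, not real captures.
SAMPLE_LOG = """\
[  123.456789] usb 1-1: new high-speed USB device number 4 using xhci_hcd
[  123.600001] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
[  123.600015] usb 1-1: Product: Cruzer Blade
[  123.700000] usb-storage 1-1:1.0: USB Mass Storage device detected
[  200.100000] usb 1-2: new high-speed USB device number 5 using xhci_hcd
[  200.200000] usb 1-2: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 1.00
[  200.200010] usb 1-2: Product: Flash Disk
[  200.300000] usb-storage 1-2:1.0: USB Mass Storage device detected
[  200.400000] hid-generic 0003:1234:ABCD.0001: input,hidraw0: USB HID v1.10 Keyboard [Flash Disk] on usb-0000:00:14.0-2/input1
"""

# Hypothetical corporate allow-list: (idVendor, idProduct) -> interface classes
# the device is expected to expose.  Placeholder values for the example.
ALLOW_LIST = {
    ("0781", "5567"): {"storage"},
}

NEW_DEVICE = re.compile(r"usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
PRODUCT = re.compile(r"usb (\S+): Product: (.+)$")
STORAGE = re.compile(r"usb-storage (\S+):\d+\.\d+: USB Mass Storage device detected")
HID = re.compile(r"hid-generic 0003:([0-9A-F]{4}):([0-9A-F]{4})\.\d+: .*USB HID v[\d.]+ (\w+)")


@dataclass
class UsbDevice:
    port: str
    vid: str
    pid: str
    product: str = "?"
    classes: set = field(default_factory=set)    # e.g. {"storage", "hid"}
    hid_kinds: set = field(default_factory=set)  # e.g. {"keyboard", "mouse"}


def parse_insertions(log: str) -> dict:
    """Group kernel log lines into one UsbDevice per enumerated device, keyed by port."""
    devices = {}  # port -> UsbDevice
    by_id = {}    # (vid, pid) -> UsbDevice, for HID lines that carry no port
    for line in log.splitlines():
        if m := NEW_DEVICE.search(line):
            port, vid, pid = m.groups()
            dev = UsbDevice(port, vid.lower(), pid.lower())
            devices[port] = dev
            by_id[(dev.vid, dev.pid)] = dev
        elif m := PRODUCT.search(line):
            if m.group(1) in devices:
                devices[m.group(1)].product = m.group(2).strip()
        elif m := STORAGE.search(line):
            if m.group(1) in devices:
                devices[m.group(1)].classes.add("storage")
        elif m := HID.search(line):
            dev = by_id.get((m.group(1).lower(), m.group(2).lower()))
            if dev:
                dev.classes.add("hid")
                dev.hid_kinds.add(m.group(3).lower())
    return devices


def evaluate(dev: UsbDevice) -> tuple:
    """Return (verdict, reason); verdict is 'allow' or 'alert'."""
    # A storage device that also types keystrokes is the masquerade pattern
    # the thread worries about, regardless of what the allow-list says.
    if "storage" in dev.classes and "keyboard" in dev.hid_kinds:
        return "alert", "storage device also presents a keyboard interface"
    expected = ALLOW_LIST.get((dev.vid, dev.pid))
    if expected is None:
        return "alert", "device not on allow-list"
    if not dev.classes <= expected:
        return "alert", "unexpected interface class %s" % sorted(dev.classes - expected)
    return "allow", "known device with expected interfaces"


def soc_report(log: str) -> list:
    """One record per inserted device, ready to ship to a SOC collector."""
    report = []
    for dev in parse_insertions(log).values():
        verdict, reason = evaluate(dev)
        report.append({
            "port": dev.port, "vid": dev.vid, "pid": dev.pid,
            "product": dev.product, "classes": sorted(dev.classes),
            "verdict": verdict, "reason": reason,
        })
    return report


if __name__ == "__main__":
    for rec in soc_report(SAMPLE_LOG):
        print(rec)
```

On a real host the same functions would be fed from the kernel ring buffer or a udev event stream rather than a string constant; the interface-class check is what distinguishes this from simple vendor/product allow-listing, since a device can claim any vendor id it likes.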

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf 
Of John McKown
Sent: Monday, August 11, 2014 1:45 PM
To: [email protected]
Subject: Re: Check out BBC News - USB 'critically flawed' after bug discovery, 
researchers

On Mon, Aug 11, 2014 at 1:31 AM, Shane Ginnane <[email protected]> wrote:
> On Sun, 10 Aug 2014 23:24:45 -0500, Mike Schwab <[email protected]> 
> wrote:
>
>>You have to have firmware to run the USB.  And in their example they 
>>were able to create a malicious firmware that nothing checks for.
>
> It's worse than that - they masquerade as something *else* that *IS* known 
> about, and gets accepted.
> USB masquerading has been known for a while - but I like their phone trick. 
> Shows imagination.
>
> And formatting the device is not going to get rid of it - outside of hardened 
> systems, this is not likely to be stopped. Although you could have your own 
> udev rules in Linux - nobody does that, they just use what Ubuntu sets up; 
> which is basically create a new device node for anything that's plugged in. 
> Whatever it happens to be pretending to be.
> I can't imagine mickeymouse ware doing any different.
>
> Seems businesses are slowly realising they can't allow anyone to plug USB in 
> - but with BYOD now taking off, how's that going to be regulated?

I know it won't happen, but the "desktop" people could basically just "snip the 
wires" to the USB ports. Assuming that BYOD is forbidden at the installation. 
Of course, this means work for the desktop people.
And that the PC likely can't be sold because it is damaged. It might be 
possible for MS to "enhance" Windows to have a registry entry to disallow USB 
to autoconnect a device. Perhaps this could be set to "YES", "NO" or "ASK". The 
Linux people could do something similar. I would bet the Linux people are more 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
