On Sat, 22 Jan 2005, Lilliput wrote: > Hello all ;) > > I writing a research paper for the University of Bradford (UK). > I'm looking for some security issue, through different type of > communication in the USB protocoles. > > The first one is USB sniffing; software and hardware. > * snoopy in windows > * hardware http://www.ellisys.com/ (sorry for the advertise) > > for the harware part I was looking for a small device like the one that > everybody know for ps2 keyboard sniffing .. > (Could at least sniff the usb keyboard + files from USB key+ datas )
Of course such device might exist. On the other hand, if someone is in a position to install a hardware sniffer on a USB keyboard cable, they could just as easily install a surreptitious video camera to monitor keystrokes visually. > Then my second question was about the USB stack integrity (no specific > to a linux platform) Do you think that devices could create an overflow > in order to take control/install a software in the computer ? I'm not aware of any way a hostile device could exploit an error in the USB stack to take control or install a program. Naturally that doesn't mean such a way doesn't exist -- we know there are bugs in the USB stack. But I don't know of any that are exploitable like you suggest; most bugs will simply cause a Denial Of Service. > (what hapen when the devices are not respecting the protocol ? ) The same comments apply. There's nothing unique about USB in this respect. Every device driver in the kernel is potentially subject to such an attack. Do you have any reason to think that USB might be especially vulnerable? Alan Stern ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ linux-usb-devel@lists.sourceforge.net To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
