On Wed, Aug 31, 2016 at 10:05:59PM -0000, johnyju...@sigaint.org wrote:
> I'm curious about some mentions-in-passing of Andrew's hate for USB
> keyboards. USB-anything isn't good for security, but what in particular
> is so much worse about USB? Both USB and PS/2 can keylog, or play predefined
> scripts to try and exploit the system. One of the dangers of rogue USB
> devices is that they can suddenly pretend to be a keyboard (which Linux
> will accept without confirmation, something I'm not thrilled about).

It is mostly not about the keyboard itself, but other devices on the same bus. Anything that can control the bus to which the keyboard is connected can control the keyboard / pretend to be a keyboard.

In addition, USB is quite complex and as with all complex code there are bugs. If you (or someone else) plug in a malicious USB device that will exploit some bug in one of the million USB device drivers, it can do whatever it wants with the other USB devices on the same bus. And if that USB controller lives in dom0, it's game over even without injecting malicious keystrokes.

PS/2 is much better, because you can't connect anything other than input devices there, and the attack surface is much smaller.

Some mitigation would be to use a separate USB controller for the USB keyboard/mouse and have it in a dedicated VM (separate from the all-purpose sys-usb). This will guard you from potentially malicious devices *you* plug into the system, but not from someone else plugging one in instead of the keyboard (so into that keyboard-only USB controller). To plug that hole, that USB-keyboard VM should be configured to reject any non-keyboard device before allowing any driver to talk to it. This will still leave you vulnerable to a bug in the USB stack itself, but the attack surface is much, much smaller than all the USB device drivers (some unmanaged for years).

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
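The "reject any non-keyboard device before allowing any driver to talk to it" check from the message above, sketched as an added example that is not part of the original post and not Qubes code. It assumes the keyboard VM keeps new devices deauthorized until the check has run and is handed the device's raw descriptor bytes (device descriptor followed by its configuration descriptors); the function names and the sample descriptors are constructed for illustration.

```python
import struct

HID_BOOT_KEYBOARD = (0x03, 0x01, 0x01)  # class HID, subclass boot, protocol keyboard
DT_INTERFACE = 0x04                     # bDescriptorType of an interface descriptor

def interfaces(blob):
    """Return (class, subclass, protocol) for every interface descriptor in blob."""
    found, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated descriptor header")
        length, dtype = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            raise ValueError("bLength runs outside the buffer")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError("short interface descriptor")
            found.append(tuple(blob[pos + 5:pos + 8]))
        pos += length
    return found

def is_keyboard_only(blob):
    """Strict policy: every interface, alternate settings included, must be 03:01:01."""
    try:
        ifaces = interfaces(blob)
    except ValueError:
        return False  # malformed descriptors: reject, never guess
    return bool(ifaces) and all(i == HID_BOOT_KEYBOARD for i in ifaces)

# --- constructed sample descriptors (placeholder vendor/product IDs) ---
def dev_desc():
    return struct.pack("<BBHBBBBHHHBBBB", 18, 1, 0x0200, 0, 0, 0, 8,
                       0x1234, 0x5678, 0x0100, 1, 2, 0, 1)

def iface_desc(num, cls, sub, proto):
    return bytes([9, 4, num, 0, 1, cls, sub, proto, 0])

def config_desc(*ifaces):
    body = b"".join(ifaces)
    return struct.pack("<BBHBBBBB", 9, 2, 9 + len(body), len(ifaces), 1, 0, 0xA0, 50) + body

KEYBOARD = dev_desc() + config_desc(iface_desc(0, 3, 1, 1))
COMPOSITE = dev_desc() + config_desc(iface_desc(0, 3, 1, 1), iface_desc(1, 8, 6, 0x50))
TRUNCATED = KEYBOARD[:-3]

if __name__ == "__main__":
    for name, blob in [("keyboard", KEYBOARD), ("keyboard+storage", COMPOSITE),
                       ("truncated", TRUNCATED)]:
        print(name, "ALLOW" if is_keyboard_only(blob) else "REJECT")
```

A device chooses what its descriptors say, so this check only limits which drivers ever get bound; it does not remove the USB-stack exposure the message mentions. Keyboards that expose an extra HID interface (for example for media keys) are rejected by this strict policy.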