Hash: SHA256

On Wed, Aug 31, 2016 at 10:05:59PM -0000, johnyju...@sigaint.org wrote:
> I'm curious to some mentions-in-passing about Andrew's hate for USB
> keyboards.  USB-anything isn't good for security, but what in particular
> so much worse about USB?  Both USB and PS/2 can keylog, or play predefined
> scripts to try and exploit the system.  One of the dangers of rogue USB
> devices is that they can suddenly pretend to be a keyboard (which Linux
> will accept without confirmation, something I'm not thrilled about).

It is mostly not about the keyboard itself, but other devices on the
same bus. Anything that can control the bus to which keyboard is
connected, can control the keyboard / pretend to be a keyboard.
In addition, USB is quite complex and as with all complex code there are
If you (or someone else) plug a malicious USB device that will exploit
some bug in one of million USB device drivers, it can do whatever it
want with the other USB devices on the same bus. And if that USB
controller live in dom0, it's game over even without injecting malicious
PS/2 is much better, because you can't connect anything else than input
devices there, and attack surface is much smaller.

Some mitigation would be to use separate USB controller for USB
keyboard/mouse and have it in dedicated VM (separate form all-purposes
This will guard you from potentially malicious devices *you* plug into
the system, but not from someone else plugging it instead of keyboard
(so into that keyboard-only USB controller). To plug that hole, that
USB-keyboard VM should be configured to reject any non-keyboard device
before allowing any driver to talk to it. This will still left you
vulnerable for bug in USB stack itself, but the attack surface is much,
much smaller than all the USB devices drivers (some unmanaged for

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Version: GnuPG v2


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to