-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, Aug 31, 2016 at 10:05:59PM -0000, johnyju...@sigaint.org wrote:
> I'm curious to some mentions-in-passing about Andrew's hate for USB
> keyboards.  USB-anything isn't good for security, but what in particular
> so much worse about USB?  Both USB and PS/2 can keylog, or play predefined
> scripts to try and exploit the system.  One of the dangers of rogue USB
> devices is that they can suddenly pretend to be a keyboard (which Linux
> will accept without confirmation, something I'm not thrilled about).

It is mostly not about the keyboard itself, but other devices on the
same bus. Anything that can control the bus to which keyboard is
connected, can control the keyboard / pretend to be a keyboard.
In addition, USB is quite complex and as with all complex code there are
bugs. 
If you (or someone else) plug a malicious USB device that will exploit
some bug in one of million USB device drivers, it can do whatever it
want with the other USB devices on the same bus. And if that USB
controller live in dom0, it's game over even without injecting malicious
keystrokes.
PS/2 is much better, because you can't connect anything else than input
devices there, and attack surface is much smaller.

Some mitigation would be to use separate USB controller for USB
keyboard/mouse and have it in dedicated VM (separate form all-purposes
sys-usb).
This will guard you from potentially malicious devices *you* plug into
the system, but not from someone else plugging it instead of keyboard
(so into that keyboard-only USB controller). To plug that hole, that
USB-keyboard VM should be configured to reject any non-keyboard device
before allowing any driver to talk to it. This will still left you
vulnerable for bug in USB stack itself, but the attack surface is much,
much smaller than all the USB devices drivers (some unmanaged for
years).

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXx5GcAAoJENuP0xzK19cstXgH/2+qnvTd7y00TSaUuAqjgUUI
waSjgeZnXfuGn8WMIRaGn4sIAqG4VgL1JP8sStWGHzAktOnqU/BHmaMAgipVvDpy
60a0SumEE1kZ8RUbIzINuTlZVmXw/7Dt1NCA0FOJbkjn4UeiuRvCkKceedJXrV9a
m3HoCGTu1qgZB9B4m+TvPtgeqUrUj/bvsLkgPJbVKiOWevIJ7M57cabDk/6P3p0q
QMHT6yPqcEXrA3SKAay/LDTvwP6C67jXjkCsvQYPX1TNrCZzEkvYyA3P4ycblBlM
Pq3MmSlPTLkiHorupOERDZi7mON2lss23aaj0AXvClgO03V8ArPjDnnmxHEWW9A=
=za1M
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160901022532.GE24732%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Reply via email to