On Monday, June 26, 2017 at 5:41:19 PM UTC-7, Unman wrote: > > Yes, sys-usb can be compromised, and it would be possible for malware to > be spread to other devices attached to sys-usb. I'm not clear how you > think that compromise could be passed to dom0 or an appVM though, > unless you have in mind some flaw in pciback or the Qubes tools?
the compromised device is then passed to dom0 or the appvm and infects those when its attached. for example, a bash bunny might have a payload to infect an already plugged in mouse, or wait for the next device that gets plugged in. some mice are fancy enough to have firmware settings, so i wouldnt be surprised if these could more easily be compromised. one possibility, which may already be in effect (i dont have a working laptop to look) is to make sys-usb filter out anything "not mouse" on a "mouse" device etc, or manage it in a similar manner to block devices. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f5d9bd23-c2b3-4ee9-a23c-e972abd132aa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
