BadUSB security flaw (massive undetectable USB reprogramming vulnerability)

Richard Kettlewell

Paul said:
No, Hodgins started this, and I'm not reading
a thousand pages of specs that don't have
the answer, for him.

I think you should have a more careful look at who I was responding to.
 
David W. Hodgins

No, Hodgins started this, and I'm not reading
a thousand pages of specs that don't have
the answer, for him. The USB specification
does not describe how to build a DMA logic block.
That's for the chipset designer to do.

I've been simply reposting things I've read years ago, from
security experts (See prior articles for links). I also don't have
the time or energy to dig through the usb specs to figure out exactly
how it works.

Let's just agree to disagree, and end this thread.

Regards, Dave Hodgins
 
Gene E. Bloch

In my experience, that's not how Usenet works. No one walks away while the
horse may still have a pulse. We stick around and continue to beat it until
long after there's any sign of life. ;-)

That's why I always say "You can't beat Usenet".
 
Aleksandar Kuktin

I've been simply reposting things I've read years ago, from security
experts (See prior articles for links). I also don't have the time or
energy to dig through the usb specs to figure out exactly how it works.

Let's just agree to disagree, and end this thread.

Regards, Dave Hodgins

No.

This thread has been one of those times people on the Internet have
actually been able to influence my opinion and now that the change began,
it will execute until termination. Its own natural termination.

I have, for many years, been under the impression that USB is among the
interfaces that can be used to directly access the main memory, together
with Firewire, PCMCIA and maybe some others. But, now that I think of it,
and read about people properly arguing about this, it dawned on me that
maaaybe I fell for the FUD. After all, I read about these things on Ars
Technica, which is known to be a status-quo mouthpiece. It's not quite as
bad as Wired which sold its soul before I even heard about it, but it's
bad. And it makes sense Ars would sow propaganda about the supposed
invincibility of various agents of The Matrix. Time to challenge the
motion.

Since I already downloaded the USB specs for an unrelated reason, I
suppose I may as well go and read those (but not cover-to-cover, only the
relevant bits) in an attempt to get to the bottom of this.

But don't expect a speedy response. I'm a busy man, after all. :)
 
Aleksandar Kuktin

But then it occurred to me that whatever the system prompts for, any
black hat pseudo-keyboard could send - i.e. it could appear as a second
keyboard, then "type" a Y!

The way round that would be for the OS to say "a second keyboard has
been detected - type # on it to enable it", where # was _a random key_
(and the OS only looked at the _first_ key sent from any such to stop it
just sending all of them). But that sounds too complex.

I'm pretty sure you can write that in <100 lines of C. Less if you used
some more concise language.
I like playing devil's advocate too, and the challenge you raised! I
think my answer works. (Especially if it prompted for a combination.)

Combination is even better.
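
The scheme discussed in the post above (hold a newly attached keyboard in quarantine until a random combination shown on screen is typed on it, judging only its first keys), written out as an added example that is not part of the original thread. All names are hypothetical, the challenge is assumed to come from the OS random source, and the code models only the gating logic, not a real input driver.

```c
#include <stddef.h>
#include <string.h>

#define CHALLENGE_LEN 3 /* a combination rather than a single key */
enum kbd_state { KBD_PENDING, KBD_ENABLED, KBD_REJECTED };

/* Hypothetical per-device gate; these names belong to no real OS. */
struct kbd_gate {
    enum kbd_state state;
    unsigned char challenge[CHALLENGE_LEN]; /* keys shown on screen */
    size_t matched;
};

/* Quarantine a new keyboard; challenge is assumed to come from the OS CSPRNG. */
void kbd_gate_init(struct kbd_gate *g, const unsigned char *challenge)
{
    g->state = KBD_PENDING;
    g->matched = 0;
    memcpy(g->challenge, challenge, CHALLENGE_LEN);
}

/* Feed one key from the device. Returns 1 if it may reach applications. */
int kbd_gate_key(struct kbd_gate *g, unsigned char key)
{
    if (g->state != KBD_PENDING)
        return g->state == KBD_ENABLED;
    if (key != g->challenge[g->matched]) {
        g->state = KBD_REJECTED; /* one miss: no cycling through all keys */
        return 0;
    }
    if (++g->matched == CHALLENGE_LEN)
        g->state = KBD_ENABLED;
    return 0; /* challenge keys themselves are never passed through */
}

/* Replay a constructed key stream; returns how many keys got through. */
size_t kbd_gate_replay(const char *challenge, const char *keys)
{
    struct kbd_gate g;
    size_t delivered = 0;
    kbd_gate_init(&g, (const unsigned char *)challenge);
    for (; *keys; keys++)
        delivered += (size_t)kbd_gate_key(&g, (unsigned char)*keys);
    return delivered;
}

int main(void)
{
    return kbd_gate_replay("q7k", "q7kls") == 2 ? 0 : 1; /* constructed input */
}
```

A device that cannot see the screen has to guess the combination on its first attempt, and a rejected device stays rejected no matter what it sends afterwards.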
 