USB device registration

Ralf Mardorf kde.lists at yahoo.com
Tue Feb 1 06:58:54 UTC 2022


On Mon, 31 Jan 2022 15:12:19 -0600, Keith wrote:
>Whether you use a test system or not, usbguard can be used to set
>whitelist and/or blacklist policies that can specify what type of
>device can be used on a specific port. So if you have a usb keyboard in
>port 1, you would craft a policy that only port 1 will allow usb
>keyboard devices. Plugging a keyboard device into any other usb port
>will fail. So any badusb key that tries to register itself as a
>keyboard will fail since only port 1 allows keyboards and your
>keyboard is already in port 1. This action alone defeats the more
>popular attacks by badusb.

Hi,

there might be measures to control a single USB port, but from my
experience, depending on the mobo used, at least unbinding might
affect a group of many ports, see my previous reply
https://lists.ubuntu.com/archives/ubuntu-users/2022-January/306745.html

Maybe whitelisting only one keyboard identifier is a reliable
mitigation, or using PS/2 for the keyboard and blacklisting all
keyboards, see
https://lists.ubuntu.com/archives/ubuntu-users/2022-January/306741.html
. Keyboards do have different identifiers and FWIW using PS/2 is anyway
better for pro-audio users, gamers and probably other users, too.

However, could somebody provide a link to a serious source about
malware that is able to reprogram the controller of USB data storage
devices? It's unlikely to happen that malware is able to replace the
firmware. More likely is hardware that is programmed in the first place
to fake a keyboard, not a reprogrammed device. It's unlikely that such
devices are in circulation, those are probably exceptions.

Two days ago a man was killed by an election poster in Beelitz, Germany.
IMO worrying about an attack by a reprogrammed USB data storage device
is moot. It seems to be as likely as death by an election poster.

Another thing is the way such a faked keyboard attack might work. There
might be ways to do serious harm by privilege escalation and running
something bad under the radar. If so, there's the need to fix those
security breaches.

Regards,
Ralf

-- 
I find it hard to believe how often rockets carry something into
orbit. It's also hard to believe how often the payload is Starlink
satellites.

[rocketmouse@archlinux ~]$ nextinspace
┌────────────────────────────────────────────────────────────────────────────────────────┐
│Falcon 9 Block 5 | Starlink Group 4-7                                                   │
│Launch Complex 39A, Kennedy Space Center, FL, USA                                       │
│                                                                                        │
│    Tue February 01, 2022 07:56 PM CET                                                  │
│    Launch Type: Communications                                                         │
│                                                                                        │
│    A batch of 49 satellites for Starlink mega-constellation - SpaceX's project for     │
│    space-based Internet communication system.                                          │
└────────────────────────────────────────────────────────────────────────────────────────┘

An overview showing astro-garbage and other things in orbit:
[rocketmouse@archlinux ~]$ firefox http://stuffin.space/?intldes=2022-001A # other Starlink
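
The port-bound keyboard policy from the quoted message, and the single-identifier and PS/2 variants from the reply, written as a USBGuard rules file. This is an added example, not part of the original messages; the id 1234:5678, the serial and the port name "1-2" are constructed placeholders.

```conf
# /etc/usbguard/rules.conf
# Added example; id, serial and port below are constructed placeholders.
# Rules are evaluated top to bottom and the first matching rule decides.

# Variant A: one known keyboard, accepted only on one port.
# Take the real id, serial, port and interface list for your keyboard from
# `usbguard list-devices`. `equals` requires the device to expose exactly
# this interface set, so list every interface the keyboard reports.
allow id 1234:5678 serial "PLACEHOLDER" via-port "1-2" with-interface equals { 03:01:01 }

# Every other device that exposes a HID keyboard interface (class 03,
# protocol 01, boot or non-boot subclass) is rejected on every port.
# `one-of` also matches composite devices that pair a keyboard interface
# with something else, such as mass storage (class 08).
reject with-interface one-of { 03:00:01 03:01:01 }

# Variant B (keyboard on PS/2): remove the allow rule above and keep only
# the reject rule, so no USB device can register as a keyboard at all.
```

The id and serial are values the device reports about itself, so the `via-port` and `with-interface equals` constraints are what tie the allow rule to a physical socket and an exact interface set.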



