USB device registration
Ralf Mardorf
kde.lists at yahoo.com
Sun Jan 30 03:51:24 UTC 2022
On Sun, 30 Jan 2022 03:48:21 +0100, Ralf Mardorf wrote:
>While faked HID devices can work cross-platform, somebody needs to
>prepare the hardware. Examples of how to do this kind of attack are
>shown by using USB development boards. I suspect that it's virtually
>impossible to reprogram a connected USB data storage device by
>malware, to fake a keyboard and then to do nasty things beyond a fork
>bomb.
"HID (Human Interface Device) spoofing: HID spoofing keys use
specialized hardware to fool a computer into believing that the USB key
is a keyboard. This fake keyboard injects keystrokes as soon as the
device is plugged into the computer. The keystrokes are a set of
commands that compromise the victim's computer. As we will see later in
the post (spoiler alert!), with a bit of work and ingenuity, we will
create a HID device that spawns a reverse TCP shell that will give us
full remote control over the victim's computer." -
https://elie.net/blog/security/what-are-malicious-usb-keys-and-how-to-create-a-realistic-one/
tl;dr it seems to be possible to get remote access by a TCP connection.
Since I didn't read it yet (I'll read it later), I wonder how to get
access to a shell in the first place, either to just launch a fork bomb
or to go beyond it and get remote access. However, it likely requires
preparing hardware manually. Replacing firmware might be possible for
some USB devices, but I suspect that there's no way at all to replace
the firmware of the majority of USB devices.
"0-day: Those rumored keys are likely to use custom hardware that
exploits a vulnerability in a USB driver to get direct control of a
computer as soon as it is plugged in. AFAIK, none of those have been
publicly discussed." -
https://elie.net/blog/security/what-are-malicious-usb-keys-and-how-to-create-a-realistic-one/
In this case the USB devices, as well as the Ubuntu USB driver, need to
be fishy.