|
|
|
|
|
|
by lperkins2
2422 days ago
|
|
|
I raised a concern about USB isolation about a year ago, both about the modem launching a fake USB attack and potential issues with USB peripherals via the USB C port. The underlying issue is that, unlike bluetooth, USB devices are approved and enabled automagically by the kernel. In general this is desired since you really want your USB keyboard to work on system setup, or you can't do anything with the computer (unless, like me, you have a PS/2 keyboard). Also, the USB device gets initialized by the BIOS/UEFI on a typical computer, which means it could launch an attack before the kernel is even loaded. Good news is neither you nor I are the first to spot this problem, and there is already a project which adds authentication/pairing for USB to the linux kernel. It doesn't solve the boot-time issue, but it does solve the USB stick (or USB 3g/4g card) pretending to be a keyboard+hdmi monitor issue. |
|
|
https://www.kernel.org/doc/html/latest/usb/authorization.htm...