Research available protections against rogue USB devices
By “rogue USB” here we refer, for example, to the BadUSB attack described by SRLabs at https://srlabs.de/badusb, which can spread malicious firmware across USB peripherals.
- USBGuard
  - source code
  - Rule language for writing USB device authorization policies, supporting whitelisting and blacklisting based on device attributes
  - daemon + IPC + a Qt applet
  - in Debian Stretch
  - needs some UX improvements before we ship it: https://github.com/dkopecek/usbguard/issues/157
- Linux kernel’s “authorized_default” option for the usbcore module
  - could be set to 0 when the system is locked (logind may help); note that this breaks things if the system’s USB keyboard was unplugged while being locked
  - setting this parameter on-the-fly isn’t enough, one also needs to
    for bus in /sys/bus/usb/devices/usb*; do echo 0 > ${bus}/authorized_default ; done
- In GNOME: https://ryuzakikk.github.io/gnome/internship-preparation/, https://ryuzakikk.github.io/gnome/internship-update-1/, https://ryuzakikk.github.io/gnome/internship-update-2/, https://ryuzakikk.github.io/gnome/internship-update-3/, https://ryuzakikk.github.io/gnome/internship-update-4/
Parent Task: #5451
Related issues
- Related to #5684 (closed)
- Related to #15767
- Related to #15900
- Has duplicate #8989 (closed)
Original created by @intrigeri on 9569 (Redmine)
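The "authorized_default" approach from the description, written out as an added example (not code from this issue, from Tails or from USBGuard): it sets the usbcore parameter and every existing bus together, and lists the devices that were left deauthorized so they can be reviewed after unlock. The function names and the SYSFS_ROOT override are assumptions made for this sketch; calling it on lock and unlock is left to whatever hook the session provides.

```shell
#!/bin/sh
# Added example. SYSFS_ROOT is a hypothetical override so the functions can be
# exercised against a mock directory tree; on a real system it stays /sys.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# set_usb_default 0|1
# 0 = newly plugged devices stay deauthorized, 1 = they are authorized as usual.
set_usb_default() {
    value="$1"
    case "$value" in
        0|1) ;;
        *) echo "usage: set_usb_default 0|1" >&2; return 2 ;;
    esac

    # usbcore module parameter. As the description notes, changing it on the
    # fly is not enough by itself, so the per-bus attributes are set as well.
    param="$SYSFS_ROOT/module/usbcore/parameters/authorized_default"
    [ -w "$param" ] && echo "$value" > "$param"

    # Per-bus attribute on every host controller that already exists.
    for bus in "$SYSFS_ROOT"/bus/usb/devices/usb*; do
        [ -w "$bus/authorized_default" ] || continue
        echo "$value" > "$bus/authorized_default"
    done
}

# list_unauthorized
# Prints the sysfs name of each USB device whose "authorized" attribute is 0,
# for example devices plugged in while the default was 0.
list_unauthorized() {
    for attr in "$SYSFS_ROOT"/bus/usb/devices/*/authorized; do
        [ -r "$attr" ] || continue
        if [ "$(cat "$attr")" = "0" ]; then
            basename "$(dirname "$attr")"
        fi
    done
}
```

Restoring the default to 1 does not authorize devices that were plugged in while it was 0; each one still has to be reviewed and authorized individually, which is also where the keyboard caveat from the description applies.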