Fwd: [cros-discuss] Hacking possibility? Real or not?

Valeri Galtsev galtsev at kicp.uchicago.edu
Tue Jun 20 14:52:42 UTC 2017

On Tue, June 20, 2017 5:38 am, Matthew Seaman wrote:
> On 2017/06/20 10:23, Matthias Apitz wrote:
>> In the mailing-list about Chromium OS is some interesting discussion
>> about some attack vector using an USB plug-in with some Raspery system
>> behind to offer to the OS an USB keyboard and ethernet and at the end
>> take over the system. More of the discussion here
>> https://groups.google.com/a/chromium.org/forum/?hl=en#!topic/chromium-os-discuss/UqbGh2kHaVw
>> and the full technical description here:
>> https://samy.pl/poisontap/
>> As far as I can see, the same attack would be possible as well on
>> FreeBSD, maybe not so easy because the devd(8) must be configured and
>> the module for ethernet on USB cdce(4) must be loaded in advance.
> Isn't this yet another manifestation of physical access to the hardware
> being almost impossible to secure against?   Don't plug in any strange
> USB devices kids, and don't let your portable kit out of your control so
> that other people could take liberties with your USB ports either.

As they said in system security manual some 30 years ago: the first step
in securing machine is physical security of your box ;-)


> 	Cheers,
> 	Matthew

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

More information about the freebsd-questions mailing list