Fwd: [cros-discuss] Hacking possibility? Real or not?

James B. Byrne byrnejb at harte-lyne.ca
Tue Jun 20 15:22:08 UTC 2017

On Tue, June 20, 2017 06:38, Matthew Seaman wrote:
> On 2017/06/20 10:23, Matthias Apitz wrote:
>> In the mailing-list about Chromium OS there is some interesting
>> discussion about some attack vector using a USB plug-in with some
>> Raspberry system behind to offer to the OS a USB keyboard and ethernet
>> and at the end take over the system. More of the discussion here
>> https://groups.google.com/a/chromium.org/forum/?hl=en#!topic/chromium-os-discuss/UqbGh2kHaVw
>> and the full technical description here:
>> https://samy.pl/poisontap/
>> As far as I can see, the same attack would be possible as well on
>> FreeBSD, maybe not so easy because the devd(8) must be configured
>> and the module for ethernet on USB cdce(4) must be loaded in advance.
> Isn't this yet another manifestation of physical access to the
> hardware being almost impossible to secure against? Don't plug
> in any strange USB devices, kids, and don't let your portable kit
> out of your control so that other people could take liberties
> with your USB ports either.

Every USB device contains a controller which itself operates on the
basis of flash-able microcode.  Few such controllers have any
safeguards against being reprogrammed.  Consequently, any physical
access to any USB port on a host allows an attacker to permanently
corrupt and infect the USB device controller(s) on a target system.
As such malware likely contains code to prohibit further reprogramming,
the infection is permanent and removal of the affected hardware is the
only remedy.  On most modern computers this requires discarding the

This issue was demonstrated at BlackHat-2014.  To the best of my
knowledge, few if any USB device manufacturers provide hardened
controllers.  IronKey is the only external flash memory device that I
know of which claims to.  But I have seen nothing respecting host
based controllers.

***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
