On Tue, 25 Oct 2016, Vít Šesták wrote: > I am not sure if the devices can sniff both directions. I've believed > that a device can sniff only inbound data and cannot communicate with > other devices. I've tried to look for some document that would allow me > to be sure about this, but I've found nothing. Well, the official > documentation would likely contain enough information, but it seems to > be quite large.
USB2 downstream traffic (towards device) seems to be broadcasted and USB3 is routed only to the particular device due to power considerations. Some exceptions to that USB2 rule based on different USB speeds. The speed restrictions seem quite safe electrically too - assuming firmware level only compromizes - because of different signalling voltage levels (a dual speed capable sniffing transreceiver does not seem too convincing threat as possibility deploying them to a victim probably should allow much easier to accomplish attacks too). The USB2 upstream is different and is seen only by the hubs on the path towards the host and the host itself. Whether upstream isolation and USB3 downstream routing is really safe w.r.t. firmware attacks, I don't know (do hubs use firmware or not?). Based on information here: http://www.totalphase.com/support/articles/200349256-USB-Background In general, USB is a full "bus" only logically, not electrically due to tiered-star topology. -- i. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/alpine.DEB.2.10.1610252145090.18027%40melkinpaasi.cs.helsinki.fi. For more options, visit https://groups.google.com/d/optout.
