On Friday, 1 December 2017 19:10:07 UTC+1, user Matty South wrote:
> I love the Qubes project! I've been thinking of ways to improve the security 
> when it comes to USB Keyboards. 
> 
> I'm sure a lot of us who use Qubes as our day-to-day OS have a nice keyboard 
> attached to the system. Upon plugging in the USB keyboard for the first time, 
> I rightfully got a security warning about the implications of passing USB 
> Keyboard input into dom0 (think USB Rubber Ducky attack among others). OK, 
> I'm on board so far. What surprises me is that I didn't just authorize THIS 
> keyboard to pass through to dom0, I have authorized *ANY* USB keyboard to 
> access dom0. I verified this with other keyboards and even a home-made Rubber 
> Ducky attack using a teensy.
> 
> Curious, is there a reason why we don't restrict the authorized USB keyboard 
> based on USB Serial number or even VID or PID? Sure with PID/VID, a physical 
> attacker who knows your brand of keyboard could still pass through 
> keystrokes, but it would still up the bar a little for this style of 
> attack. 
> 
> I'm on Version 3.2 so forgive me if this has been addressed in 4.0.
> 
> Secondly, I don't want to be the guy begging for improvements, I would like 
> to contribute. Can anyone point me to a good place to start if I want to add 
> this feature? I'm thinking here maybe? 
> https://github.com/QubesOS/qubes-app-linux-usb-proxy

All of these values can be forged by the attacker. You may want to try using 
udev rules to block all keyboards except the ones that were present during the 
boot process. You'd lose the ability to use a USB keyboard plugged into a live 
system but it would also force a potential attacker to reboot your machine in 
order to use a rubber ducky.

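One way to implement the boot-time restriction suggested in the reply, as an added example that is not part of the thread or of Qubes: a handler that a udev rule could invoke for each newly added USB interface. It goes beyond keyboards to every HID interface, because the keyboard protocol field is as device-supplied as VID/PID; `LOCK_FILE`, the function names, and the existence of a boot step that creates the marker file are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. LOCK_FILE and the function names are
# hypothetical; bInterfaceClass and authorized are the kernel's sysfs attributes.
LOCK_FILE="${LOCK_FILE:-/run/usb-hid-lock}"  # assumed marker, created after boot

# HID interfaces declare class 03. The boot-keyboard protocol field is not
# checked: an interface can send key reports without declaring it.
is_hid_iface() {
    [ -r "$1/bInterfaceClass" ] && [ "$(cat "$1/bInterfaceClass")" = "03" ]
}

# Handle one newly added USB interface, given as its sysfs directory.
# Prints "allow" or "block". On "block" it writes 0 to the interface's
# authorized attribute, or to the parent device's if the interface has none.
handle_new_iface() {
    iface="$1"
    if ! is_hid_iface "$iface"; then
        echo allow; return 0       # not an input device: out of scope here
    fi
    if [ ! -e "$LOCK_FILE" ]; then
        echo allow; return 0       # still booting: devices present now pass
    fi
    if [ -e "$iface/authorized" ]; then
        echo 0 > "$iface/authorized"
    elif [ -e "$iface/../authorized" ]; then
        echo 0 > "$iface/../authorized"
    else
        echo "cannot deauthorize $iface" >&2
        echo block; return 1
    fi
    echo block
}

# Run as a script with the interface's sysfs path as the first argument,
# for example from a udev rule matching ACTION=="add", SUBSYSTEM=="usb".
if [ -n "${1:-}" ]; then
    handle_new_iface "$1" >/dev/null
fi
```

udev processes the add event asynchronously, so the HID driver may already be bound when the handler runs; writing 0 to `authorized` then unbinds it, but a short window remains.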