Re: [qubes-users] USB Keyboard thoughts...
On 12/03/2017 09:37 AM, Jean-Philippe Ouellet wrote: > On Fri, Dec 1, 2017 at 1:10 PM, Matty South wrote: >> I love the Qubes project! I've been thinking of ways to improve the security >> when it comes to USB Keyboards. >> >> I'm sure a lot of us who use Qubes as our day-to-day OS have a nice keyboard >> attached to the system. Upon plugging in the USB keyboard for the first >> time, I rightfully got a security warning about the implications of passing >> USB Keyboard input into dom0 (think USB Rubber Ducky attack among others). >> OK, I'm on board so far. What surprises me is that I didn't just authorize >> THIS keyboard to pass through to dom0, I have authorized *ANY* USB keyboard >> to access dom0. I verified this with other keyboards and even a home-made >> Rubber Ducky attack using a teensy. >> >> Curious, is there a reason why we don't restrict the authorized USB keyboard >> based on USB Serial number or even VID or PID. Sure with PID/VID, a physical >> attacker who knows your brand of keyboard could still pass through >> keystrokes, but it would still up the bar a little for these style of >> attacks. >> >> I'm on Version 3.2 so forgive me if this has been addressed in 4.0. >> >> Secondly, I don't want to be the guy begging for improvements, I would like >> to contribute. Can anyone point me to a good place to start if I want to add >> this feature? I'm thinking here maybe? >> https://github.com/QubesOS/qubes-app-linux-usb-proxy > See https://github.com/QubesOS/qubes-issues/issues/2518 > Hi Matty and all, I am the developer of the USG hardware firewall mentioned in issue 2518. On its own this gadget can do most of what you want - it blocks hidden hubs so a flash drive cannot also supply keystrokes, and it blocks devices re-enumerating as a keyboard after first enumerating as something else. Issue 2518 is about encrypting keystrokes from the keyboard to dom0, so that a compromised sys-usb cannot sniff or spoof them. Jean-Philippe suggested borrowing ideas from CrypTech's HSM design, which is worth looking into. However I don't have time to look into this myself right now. I would also require help with the qubes-side implementation of whatever secure channel we choose. You are welcome to look through the thread and let us know what you think! Regards, Robert -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a64e8e14-1378-e0ee-89d2-65433414f17f%40fastmail.fm. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] USB Keyboard thoughts...
On Fri, Dec 1, 2017 at 1:10 PM, Matty South wrote: > I love the Qubes project! I've been thinking of ways to improve the security > when it comes to USB Keyboards. > > I'm sure a lot of us who use Qubes as our day-to-day OS have a nice keyboard > attached to the system. Upon plugging in the USB keyboard for the first time, > I rightfully got a security warning about the implications of passing USB > Keyboard input into dom0 (think USB Rubber Ducky attack among others). OK, > I'm on board so far. What surprises me is that I didn't just authorize THIS > keyboard to pass through to dom0, I have authorized *ANY* USB keyboard to > access dom0. I verified this with other keyboards and even a home-made Rubber > Ducky attack using a teensy. > > Curious, is there a reason why we don't restrict the authorized USB keyboard > based on USB Serial number or even VID or PID. Sure with PID/VID, a physical > attacker who knows your brand of keyboard could still pass through > keystrokes, but it would still up the bar a little for these style of attacks. > > I'm on Version 3.2 so forgive me if this has been addressed in 4.0. > > Secondly, I don't want to be the guy begging for improvements, I would like > to contribute. Can anyone point me to a good place to start if I want to add > this feature? I'm thinking here maybe? > https://github.com/QubesOS/qubes-app-linux-usb-proxy See https://github.com/QubesOS/qubes-issues/issues/2518 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_At%2BPXpw0y%3DQgCKZQqYKjSJRCRqbNjD3VtdW%3D9H%2B1kvqg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] USB Keyboard thoughts...
I love the Qubes project! I've been thinking of ways to improve the security when it comes to USB Keyboards. I'm sure a lot of us who use Qubes as our day-to-day OS have a nice keyboard attached to the system. Upon plugging in the USB keyboard for the first time, I rightfully got a security warning about the implications of passing USB Keyboard input into dom0 (think USB Rubber Ducky attack among others). OK, I'm on board so far. What surprises me is that I didn't just authorize THIS keyboard to pass through to dom0, I have authorized *ANY* USB keyboard to access dom0. I verified this with other keyboards and even a home-made Rubber Ducky attack using a teensy. Curious, is there a reason why we don't restrict the authorized USB keyboard based on USB Serial number or even VID or PID. Sure with PID/VID, a physical attacker who knows your brand of keyboard could still pass through keystrokes, but it would still up the bar a little for these style of attacks. I'm on Version 3.2 so forgive me if this has been addressed in 4.0. Secondly, I don't want to be the guy begging for improvements, I would like to contribute. Can anyone point me to a good place to start if I want to add this feature? I'm thinking here maybe? https://github.com/QubesOS/qubes-app-linux-usb-proxy -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fe3f39b9-8b1c-48b1-b1f8-f82882bce81d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.