touch-packages team mailing list archive

Thread
Date
[Bug 1393612] Re: Protect against BadUSB device

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Seth Arnold <1393612@xxxxxxxxxxxxxxxxxx>
Date: Tue, 18 Nov 2014 00:14:08 -0000
Reply-to: Bug 1393612 <1393612@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Sadly, the solution is not easy nor obvious. Ubuntu is used in a wide
variety of different ways and many of them do not lend themselves well
to just popping up a dialog box.

Furthermore, the problem is not at all restricted to just devices that
can be reprogrammed to act like keyboards.

A fairly lengthy discussion can be found here:
http://www.openwall.com/lists/oss-security/2014/08/09/4

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1393612

Title:
  Protect against BadUSB device

Status in “systemd” package in Ubuntu:
  Confirmed

Bug description:
  During the last months, it appeared that the theoretical threat of a
  compromised USB device acting as keyboard became a real possibility:
  https://srlabs.de/badusb.

  The solution against such threat is simply to ask the user the
  confirmation before binding a new USB device as keyboard and a
  solution was already documented: http://vogelchr.blogspot.in/2014/08
  /controlling-usb-device-access-on-linux.html

  Similar solution already exist for MS Windows:
  http://robert.penz.name/930/protect-your-pc-against-the-badusb-attack-
  on-linux-and-windows

  Even though the probability to get a compromised USB device is low,
  the security threat is serious and since the solution is simple,
  Ubuntu should be protected properly asap.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: udev 204-5ubuntu20.8
  ProcVersionSignature: Ubuntu 3.13.0-39.66-generic 3.13.11.8
  Uname: Linux 3.13.0-39-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.5
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Tue Nov 18 02:48:36 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2014-08-25 (84 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64+mac (20140417)
  MachineType: LENOVO 4298RD9
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-39-generic root=UUID=fa0ba264-7e15-48e1-89e6-3c88237a1903 ro persistent quiet splash vt.handoff=7
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 07/07/2011
  dmi.bios.vendor: LENOVO
  dmi.bios.version: 8DET50WW (1.20 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 4298RD9
  dmi.board.vendor: LENOVO
  dmi.board.version: Not Available
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Not Available
  dmi.modalias: dmi:bvnLENOVO:bvr8DET50WW(1.20):bd07/07/2011:svnLENOVO:pn4298RD9:pvrThinkPadX220Tablet:rvnLENOVO:rn4298RD9:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
  dmi.product.name: 4298RD9
  dmi.product.version: ThinkPad X220 Tablet
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1393612/+subscriptions