Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Aug 2014 12:46:02 -0700
From: Greg KH <greg@...ah.com>
To: Eddie Chapman <eddie@...k.net>
Cc: oss-security@...ts.openwall.com
Subject: Re: BadUSB discussion

On Fri, Aug 08, 2014 at 06:40:50PM +0100, Eddie Chapman wrote:
> Yes, immensely. It's clear to me now that being able to re-programme a USB
> device firmware is not quite as easy and straightforward as is being made
> out to be in certain quarters.

On the contrary, it's trivial to do on a whole bunch of USB devices as
that is how they were _designed_ to work.  So much so that there is a
whole USB spec on exactly how to do this in a way that will work across
all different operating systems:
	http://www.usb.org/developers/docs/devclass_docs/DFU_1.1.pdf
I don't remember when the 1.0 version of this spec was published, I
think around 1995 or so.

So I really don't see how this ability is anything "shocking" to anyone.

> That's not to say that the research being discussed hasn't thrown up
> some very interesting issues around hardware and trust.

Never trust hardware.  Until you have to.  :)

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.