Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Has a USB Driver Security Problem (bleepingcomputer.com)

Posted by msmash on from the security-woes dept.

Catalin Cimpanu, reporting for BleepingComputer: USB drivers included in the Linux kernel are rife with security flaws that in some cases can be exploited to run untrusted code and take over users' computers. The vast majority of these vulnerabilities came to light on Monday, when Google security expert Andrey Konovalov informed the Linux community of 14 vulnerabilities he found in the Linux kernel USB subsystem. "All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine," Konovalov said. The 14 flaws are actually part of a larger list of 79 flaws Konovalov found in Linux kernel USB drivers during the past months. Not all of these 79 vulnerabilities have been reported, let alone patched. Most are simple DoS (Denial of Service) bugs that freeze or restart the OS, but some allow attackers to elevate privileges and execute malicious code.

9 of 156 comments (clear)

  1. an attacker has physical access to the machine by Anonymous Coward · · Score: 4, Informative

    you're already pwned

    1. Re:an attacker has physical access to the machine by Calydor · · Score: 4, Insightful

      If all it takes is access to plug in a USB dongle, that's a different kind of access than being able to open up the machine and tinker with it. Secretary turns her back for a moment? Plug it in while you can.

      Hell, with the tendency for people to plug in USB keys found on the street still to this day, that's all that would be required to exploit these flaws in an otherwise impenetrable building.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    2. Re:an attacker has physical access to the machine by squiggleslash · · Score: 5, Funny

      Secretary turns her back for a moment? Plug it in while you can.

      Wow, Hollywood has actually been accurately portraying the state of security in Linux for years, and nobody realized!

      --
      You are not alone. This is not normal. None of this is normal.
    3. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 3, Funny

      UNREALISTIC. Windows does not have these same vulns. Secretary is safe.

    4. Re:an attacker has physical access to the machine by Jeremi · · Score: 5, Insightful

      Wow, Hollywood has actually been accurately portraying the state of security in Linux for years, and nobody realized!

      If it turns out that the secretaries of the world have been running Linux all these years, I will be rather surprised :)

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    5. Re:an attacker has physical access to the machine by cstacy · · Score: 4, Funny

      Secretary turns her back for a moment? Plug it in while you can.

      Wow, Hollywood has actually been accurately portraying the state of security in Linux for years, and nobody realized!

      No, they haven't been portraying it accurately for years. But in the last few weeks we have seen actresses and secretaries in Hollywood coming forward with the story of what happens when they turn their backs and executive producers try to "plug it in while they can".

    6. Re:an attacker has physical access to the machine by tlhIngan · · Score: 4, Interesting

      Of course, all it takes is a few plug-in attempts to create kernel panics...or is that moral panics?

      I've had it happen to me while I was developing a USB device. Plugged it into a Linux machine and it kernel panics immeidately. No, plug it into Windows and nothing happens.

      It turned out I screwed up the USB descriptors I was returning - Linux didn't like that I set the descriptor type wrong.

      Granted, this is something I did many many many years ago (around the time of the great east cost blackout) so I expect that it would be somewhat more robust now.

      It's also interesting to see how different OSes reacted - the USB descriptor is a fixed size, but some OSes (Windows, notably) only do a partial request - I think it was 5 bytes - in order to get the USB descriptor type and length bytes, then it re-ran the request with the proper size. Linux at the time simply did a proper sized request - the descriptor size is fixed and unchanging so what Windows did was completely unnecessary unless it was to ensure that devices responded properly.

  2. Seems like a good thing! by DarkOx · · Score: 3, Informative

    Severs in locked data centers - safe
    PCs in locked offices / homes - safe
    Laptops - safe if you shut it down and have bios password to enable boot, probably safe with encrypted root fs, provided machine is shutdown to begin with.
    Laptop in yours own hands - safe

    Now all those consumer devices that the manufacture won't let you have access to, ROOTED!

    This is a win.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  3. Can we have PS/2 ports back now? by blindseer · · Score: 3, Interesting

    I've worked in secure environments and as someone that has obtained security certifications I see all kinds of problems with USB beyond improperly coded drivers. One common practice not that long ago was to disable any USB ports to stop people from plugging in things they weren't supposed to. This was only possible while PS/2 ports for keyboards and mice were still commonplace. (There was also that short period where some Apple computers had both ADB and USB ports.)

    I like USB-C. It's quite the improvement over what we've had before. I am a bit concerned on how this affects the security of our devices in the future. Controlling things like someone offering a "charger" for a laptop or cell phone to try to sneak into a device can be managed in many ways. Dedicated ports for video, keyboard, mouse, and even Ethernet had inherent security in that they did only so much which prevented certain security issues. Will all these ports go away and be replaced with USB-C?

    Again, I really like USB-C as it adds convenience and capability that nothing else offered before. It also adds security issues that a simple list of "dos and don'ts" cannot cover for many less technically knowledgeable people to follow. Securing computers from many kinds of attacks is going to be an increasingly difficult problem unless we get off this mentality of one port to rule them all.

    Maybe we'll see some means to better secure USB. Maybe we'll see computer systems that will allow one to disable anything that is not a HID or power device from being recognized on USB in the firmware. Maybe OS developers will provide better granularity on what USB ports are allowed to do.

    Maybe we'll get PS/2 ports back again. Probably not. I do think something has to give. If we can't have the inherent security of feature limited ports then we will need some security through better management of the ports that replace them.

    --
    I am armed because I am free. I am free because I am armed.