Slashdot Mirror
Chrome OS To Block USB Access While the Screen is Locked (zdnet.com)
Google will add a new security feature to Chrome OS, the company's web-based operating system that powers its Chromebooks devices, it announced this week. From a report: The new feature, named USBGuard, will block access to the USB port access while the device's screen is locked. According to a Chrome OS source code commit spotted by Chrome Story earlier this week, the new feature is currently available in Chrome OS Canary builds and is expected to land in the stable branch of Chrome OS soon. Once this happens, users can enable it by modifying the following Chrome OS flag: chrome://flags/#enable-usbguard . The way this security feature is meant to work is by preventing the operating system from reading or executing any code when a USB-based device is plugged in, and the screen is locked.
So if you have a locked screen and the keyboard stops functioning, plugging a new one in the USB port will not work?
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
Isn't that the real issue?
If I mount a filesystem, I don't expect it to start executing random files on it at all.
If tyranny and oppression come to this land, it will be in the guise of fighting a foreign enemy. - James Madison
So if you have a locked screen and the keyboard stops functioning, plugging a new one in the USB port will not work?
The parent to your comment specifically said "mass storage", which human interface devices are not. The summary also refers to not being able to read or execute code while locked and USB inserted, which sounds similar... since key-presses/mouse-clicks aren't code.
I suspect someone smarter than both you and I thought about this before implementing it.
"Oh no... he found the
... because you know they're going to block *everything*, even if they only do it by accident.
And woe be those servers that use an internal USB port as a secure boot device.
And finally, all those programs that use a USB dongle as part of a two-factor security system.
Microsoft already had this in the initial release of Windows XP a long ass time ago. They removed it with the very first SP. Why? Because if there are ANY keyboard issues, you cannot add another one at all. Windows XP Pre-SP USB device detection only happens AFTER login. You run the risk of literally be locked on the password screen with zero way to enter a password. Things may be different with attached keyboards and touch screens now, but I still like the idea of the safety net of being able to attach a keyboard during trouble shooting.
Or at least PS/2 emulating usb subsystem for the primary console.
Linux has this same problem under certain types of lockups/crashes. The USB subsystem can freeze keeping you from rebooting the system or getting to a console to fix the issue, while a PS/2 keyboard can ALT-SYSRQ to freedom.
Unfortunately most modern linux distros lock out those sysrq keys by default, even though they can sometimes allow a power user to solve hardware/software issues without a full system reset.
captcha was 'teletype'. Even 50+ years later there isn't a better solution than a good old text console for righting the wrongs of a computer system.
And yet, there are ways to trick the USB firmware into misclassifying a device trivially.
Yes, and?
I mean, I suppose you COULD misidentify a keyboard as a mass storage device and it would not work.
Or you COULD misidentify your external USB drive as an input device and it would do exactly nothing, unless it had the password to unlock your system.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I suspect someone smarter than both you and I thought about this before implementing it.
Well, unlike most people here I have been reading TFA and lookie here:
Google took this precaution to prevent Rubber Ducky-type of attacks. A Rubber Ducky is a well-known term used to describe a malicious USB thumb drive that when plugged into a computer mimics a keyboard and runs malicious commands.
So what happens when you plug in a regular keyboard? My guess is "nothing". So there might be a problem when you want to troubleshoot a machine which is supposed to run unattended (NAS, video monitoring, etc).
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
A keyboard-shaped peripheral may contain a composite device that supports both HID class (for keyboard use) and mass storage class (for reading and writing, say, microSD cards).
So there might be a problem when you want to troubleshoot a machine which is supposed to run unattended
A Chromebook is not "supposed to run unattended". From the horse's mouth: "Remember: Chrome OS devices are not general-purpose PCs."
And yet, there are ways to trick the USB firmware into misclassifying a device trivially.
And as a result the mass storage device won't be able to do much more than send keystrokes back and forth.
The risk and malware vector you're describing it mis-classifying a functioning device while a second loads in the background with a different classification. This would still prevent miss-classifying as an attack vector when the screen is locked.
You just made me curious about whether formal verification has ever been applied to file system drivers distributed to the public as free software. Because if so, then one could prove beyond reasonable doubt that a file system driver has no vulnerabilities.
PS/2 keyboards do not work on google devices.
Heck, a PS/2 keyboard doesn't even work on a PlayStation 2 despite the name.
First, the featured article is phrased in such a way as to imply that the USB Guard feature isn't even turned on by default. Second, how would USB Guard block backing up your files to a public or private cloud, unless perhaps you're using a USB network interface?
All OSs should do that. It shouldn't have ever been a thought.
I don't see it applying quite as easily to a desktop computer. If USB is disabled until you authenticate, through what interface would you authenticate?
From my understanding, this is not shoved down the users' throats and can be toggled on/off.
Maybe it disables only the USB devices inserted during the screen lock? Also the charger is usually connected via USB interface and I don't think it should (or even could, since it's just a power source) be disabled.
They need to be cracked so they can be turned into GP computing devices. Then again, that's a lot of work for essentially a netbook.
It's common knowledge that Mercedes vehicles that are out-of-warranty are high risk purchases and quite inexpensive. Because the steep maintenance cost makes them mostly not worth having. So you can get 'nice' older Mercedes sedans for $8-10K because the cost of servicing them is out-of-this-world, and they're complex fusty machines that need said service regularly.
"That's great. So a USB can claim to be a keyboard, but really is a storage device. What difference does it make?"
You mean besides it storing all the passwords you type in and those awful, disgusting porn search terms you enter?
I don't want those dangerous potentials and currents getting to the battery if I've locked my phone.
Three bad scenario.
- if the new version of chrome OS blocks *all* USB peripheral, like the summary implies:
you try to wake up your chromeOS powered mini PC/smart appliance/etc. but you can't unlock past the password prompt, because the keyboard is dead (battery of wireless empty, keyboard is physically fried, water dammage because spilled beer, etc).
you try plugging another USB keyboard, but it's blocked. You can't type your password, you need to hard reset, all your unsaved data is lost (including the one inside the full linux container you installed atop of ChromeOS)
- if chromeOS only blocks USB mass storage, like the Apple Mac OS X mentioned above: ...except that this isn't a garden variety plain normal usb mass storage. it's a "Bad USB" (the controller isn't a simple flashtranslation controller, bud a complex CPU running a nefarious software):
you've found/received/etc. a nice USB stick. you plug it into your chromeOS netbook: storage shows up. you're happy with new acquisition and fetch a beer to celebrate. while you away, the screen locks...
while you're away, the micro-controller inside the stick detects the absence of activity, and suddenly exposes a new USB HID device. because that one is a HID and not the forbidden mass storage type, chromeOS happily adds what it thinks looks like a keyboard (even while locked), but is infact the nefarious software in the stick. the Bad USB stick starts to autonomously hack your laptop.
- if the laptop/miniPC/etc. 's port is badly isolated :
you've found/recieved as a present/stole/etc. some nice USB stick.
you plug it in....
except this one is a USB Killer (a batch of high voltage capacitors hidden in the shell of a USB Drive)
your laptop is fried.
its cheap Chinese knock off lithium battery catches fire.
your house get burned.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
this one is the benign version.
the malicious version is the otherway around:
a USB Stick shaped device that suddenly exposes a USB HID device while you're away and uses this simulated keyboard to start hacking your computer.
(look fir "Bad USB", there are even tutorials explaining how to make one out of a Raspberry Pi Zero).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Actually, I suspect the real reason behind this is because Google wants you to use (their) cloud storage, instead of local storage. So rather than simply preventing ChromeOS from running executables located on external media (have to copy it to the Chromebook first), they made so a screen lock will prevent you from doing anything with external storage, like, say playing a music playlist located on a USB flash drive. Oh well, at least they made it optional.
Well that depends upon how much you spent on your Chromebook, if these prices are anything to go by https://www.techradar.com/news..., if you keyboard stops working, toss it in the bin and buy a new one, though I suspect that the $35AUD price tag might not be quite accurate ;D.
Chaos - everything, everywhere, everywhen
Which raises the question of why ChromeOS would be vulnerable to such an attack while the machine is locked.
That's exactly what I was getting at - on OSX you can type all you like once the system is locked, unless you know the system password (as I said) you aren't doing anything.
So what the hell is going on with ChromeOS that typing actually matters when the system is locked??
"There is more worth loving than we have strength to love." - Brian Jay Stanley
You can definitely plug something that declares itself a keyboard then turns itself into something else.
There are many applications, for instance my Nitrokey Storage declares itself a simple USB read-only key when plugged, and then turns itself into many other things (simultaneously) when I ask the right questions.
You can check that, and also how you can protect you, hardware side : https://github.com/robertfisk/...
(disclaimer : I am not related to the device or its designer, but I own two, and they have worked fluently for two years on. I decided to buy them when, in the same week, US customers looked at me like a witch when I offered them my data on a company USB stick, and russian ones handed me a nice russian-decorated stick for doing the same...)
R. Fisk is preparing an USB2 version in parallel to this original USB1.
H.
Herve S.
For me, the way both sentences are written actually means the system *fully halts* when you plug the USB. :-D
I leave it to you to further evolve the text
Herve S.
You missed the point entirely, congrats. It's not about the value of the keyboard, it's about the inability to access your machine in case the connected keyboard stops working.
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
Fir? Nothing is Coming up when I search for âoefir bad usbâ
...writes the guy who also uses a smartphone to type /. posts too.
You know "âoefir" and "usbâ" search keywords won't bring much neither~~
(Not even auto-correct will help against for/fir mistypes, being a perfectly valid english word, even a current season relevant one. If you find a "Bad USB" under your Christmas fir tree, you know Santa hates you).
BTW: beside "Bad USB" another relevant keyword to search for is "Rubber ducky"
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
ok, i get it, if you're not near your computer and somebody plugs in a usb stick your computer can get hacked without you knowing it.
but, if you, while working, plug in a usb stick with malware on it yourself it will still execute?
how about not executing anything at all when inserting a usb device, sounds like a much better idea.
On a long enough timeline, the survival rate for everyone drops to zero.
Optimist: Ideally, USB Guard in Chrome OS could be configured such that if a USB device is seeing substantial block traffic in the seconds prior to unmounting, it'll stay mounted until the traffic dies down.
Pessimist: Google wants Chrome OS users to subscribe to both Google One and a wired home Internet provider as a substitute for backups to USB mass storage.