Re: Concrete ideas for the December-March OPW?
- From: Hans Petter Jansson <hpj copyleft no>
- To: Tobias Mueller <muelli cryptobitch de>
- Cc: Safety and Privacy Team <safety-list gnome org>
- Subject: Re: Concrete ideas for the December-March OPW?
- Date: Tue, 28 Oct 2014 16:39:28 +0100
On Tue, 2014-10-28 at 10:59 +0100, Tobias Mueller wrote:
On Mon, Oct 27, 2014 at 06:17:21PM -0600, Federico Mena Quintero wrote:
One of mine is to implement something that disables the USB ports.
Sounds like a silly idea, but USB creates a large attack surface and we
have seen many malicious devices. And, FWIW, I have investigated USB security
myself¹ and think it's worthwhile to limit its availability ;-)
Anyway, we might only want to disable USB while the lockscreen is on
and re-enable when the lockscreen has been unlocked.
A first step towards this goal might be to write a tiny program that does
nothing else but disable USB while it's running and re-enable when it is
exiting. Then, one could write an application with a toggle button that
toggles the availabilty of the USB. Finally, one can think of integrating that
with the lockscreen.
I like this idea. It fits well with the lock screen because it offers
some protection against local, physical attacks where the attacker has
only a couple of minutes to pull it off (much longer than that and
you're probably toast anyway).
It might be a good idea to leave alone USB devices (keyboard, mouse),
mounts and ongoing file transfers already present when the lock screen
comes up. Would it be enough to just prevent new USB devices from being
added? If so, how do we handle the case where the user tries to change
their keyboard while the lock screen is up? Would a device whitelist be
reliable, so he could at least re-plug his old keyboard and log back in
using that?
--
Hans Petter
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]