Corrupt
Results 1 to 2 of 2

Thread: 40 Linux USB security holes***syzkaller - kernel fuzzer

  1. #1
    Join Date
    Jun 2012
    Location
    In the boonies
    Posts
    854

    Default 40 Linux USB security holes***syzkaller - kernel fuzzer


    syzkaller - kernel fuzzer


    syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuchsia, netbsd and windows are supported to varying degrees.

    The Linux kernel USB subsystem has more holes than a donut shop. On Monday, Google security researcher Andrey Konovalov disclosed 14 Linux USB flaws found using syzkaller, a kernel fuzzing tool developed by another Google software engineer, Dmitry Vyukov.
    That's just the tip of the iceberg. In an email to The Register, Konovalov said he asked for CVEs for another seven vulnerabilities on Tuesday, and noted there are something like 40 that have not been fixed or triaged.
    Konovalov downplayed the risk posed by the flaws, based on the fact that physical access is a prerequisite to an attack.

    https://github.com/google/syzkaller


    Don't worry about those 40 Linux USB security holes. That's not a typo

    http://www.theregister.co.uk/2017/11...security_bugs/
    "I never got any complaints." - Assistant Commandant at Aushwitz, 11/01/1964
    http://incogman.net/
    " If you can't be well liked, be well hated"
    http://famguardian.org/Publications/...k/rulebook.htm
    ~Reb~

  2. #2
    Join Date
    Dec 2012
    Posts
    1,614

    Default

    The situation is way worse in the Windoze world.

    There are many more exploits out there for Windoze, and a properly set up Linux or BSD system will require administrator access to mount a usb device.

    If you are feeling really paranoid, you could try one of these: usb device firewall



    Meet the USG.

    The USG is a small, portable hardware USB firewall that isolates a potentially harmful device from your computer. It's designed to prevent malicious USB sticks and devices laden with malware from infecting your computer.

    You might be thinking, "What's the point?" The problem is that most computers automatically trust every USB device that's plugged in, which means malicious code can run without warning.

    It's not just computers: Cars, cash registers, and some ATMs also come with USB ports, all of which can be vulnerable to cyberattacks from a single USB stick.

    Enter the USG, a nifty tool for the privacy-minded and super paranoid that aims to solve that problem.

    Every USB device has its own micro-computer that runs its own firmware. It only takes one malicious USB stick to send a malicious message to your computer to cause damage.

    That's where the USG firewall comes in. You plug in one end to your computer, and you plug in a suspect USB device into the other. A simple hardware serial link that only accepts a very few select number of safe commands, which prevents the device from executing system commands or intercepting network traffic.

    That means the data can flow from the USB device but effectively blocks other USB exploits.

    These kinds of attacks might be rare, compared to spam, ransomware, and other kinds of malware, but they can still do considerable damage.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •