
This device shows up as a keyboard - should keyboards never be trusted ever? How would that work?

First thought was whitelisting USB vendor and device IDs, but I guess those could be spoofed. A button above every USB port?

Going back to PS/2 could be an option? Guess that wouldn't be too different from allowing all devices only on a single USB port.

What if the USB device upon gaining power opened up and poked your button? :P

Shannon's Ultimate Machine....


It would be nice if my OS had an option to disallow any and all USB devices. Plug something in? Ask whether I want to allow it. I guess this would get annoying after a bit. But still, I only use a couple of USB devices on a daily basis, but I click on boatloads of cookie warnings every day.

> It would be nice if my OS had an option to disallow any and all USB devices

Any desktop computer would have to be redesigned to add an "allow new device" button since they have no other input.

Even on many laptops, the internal keyboard and mouse are USB devices. When you install a new OS, do you have to accept trust for those as well? Or how will you stop an external device from spoofing them with the same vendor/device ID?

How about, trusted peripherals should speak DTLS over their USB/Thunderbolt PHY, and the OS should keep a certificate store for recognizing them?

This sounds like something that creates a chicken-and-egg problem of there not already being any such DTLS-speaking USB devices... but how about if vendors just create a little USB dongle that wraps whatever's plugged into it in "authentication" using DTLS? Ship the dongle with the laptop; tell people that if they want to install a new OS, they have to plug a USB keyboard in through the dongle.

> This sounds like something that creates a chicken-and-egg problem of there not already being any such DTLS-speaking USB devices...

Or only allow completely unauthenticated devices as a fallback when there is no other available authenticated device.

A computer not having any keyboard is a rare case. Most of the time you have what is built-in (and should be authenticated) or what came with the computer (and should be authenticated).

Allowing unauthenticated keyboards only on detection of no authenticated ones probably covers 99.9% of all use cases and increases security dramatically.

Aren’t we trying to prevent an attacker with physical access? They could simply unplug everything first.

Maybe not the exact correct solution (some of those MCUs are wayyyyy too tiny, slow, and stupid for something as complicated as DTLS), but this is not a horrid thought. The bootstrapping problem can be resolved via Microsoft's Secure Boot certificate and letting the firmware sort out the initial "trusted boot USB sticks" or however.

Hell, simply through acquisition and acquiescence, the market already accepted locked-down platforms. At this point, we ought to have more benefits from this instead of just making these platforms hard to install Linux on.

I use USBGuard on Linux to this effect.

It looked quite promising when I took a look two years ago. There was no support for properly filtering devices that contain multiple endpoints though, like a mouse with mass storage. You could either allow both or none. It was on their roadmap but kept getting postponed iirc. Should take a look again I guess. :-)

At least the user should be informed, meaning it should show the bare minimum to allow us to act upon it. Something like "USB keyboard connected: [Device specified name]" for common device types. More complicated/dangerous stuff should only run after user acknowledgement. This way there is at least a significant risk to get caught / chance for the user to catch it.

Not sure if I just mis-configured my Windows, but it is certainly lacking on that front. The Settings -> Devices -> USB having just a single checkbox for error popups is probably not a good sign.

On a Mac, wouldn't this cause a "please identify this keyboard by pressing the key next to the shift key" prompt?

Regarding keyboards, maybe at least don't automatically trust a SECOND keyboard? Even when user interaction isn't possible until the device is active, as someone else pointed out, you can at least send a warning to the user's display.

My quick thought was to have the OS display a random char sequence, which must be typed on the keyboard before input is accepted.

Usability could be optimized depending on how uniquely identifiable keyboards are (to reduce when trust prompts are shown).
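
The two suggestions above (don't automatically trust a second keyboard, and require a displayed random sequence to be typed before input is accepted) can be modelled as a small policy. This is an added example, not code from the thread or from any OS; `UsbDevice`, `InputGate` and the sample devices are hypothetical and constructed, and it assumes the attached device cannot read the display.

```python
import secrets
import string
from dataclasses import dataclass

HID_CLASS = 0x03  # USB interface class used by keyboards, mice and other HID

@dataclass
class UsbDevice:
    port: str          # physical port path, e.g. "1-2"
    vid: int
    pid: int
    name: str          # product string supplied by the device (untrusted)
    interfaces: tuple  # one (class, subclass, protocol) tuple per interface

    def has_hid(self):
        return any(cls == HID_CLASS for cls, _, _ in self.interfaces)

class InputGate:
    """Hypothetical policy: HID input is held until a displayed code is typed."""

    def __init__(self, code_len=6):
        self.code_len = code_len
        self.pending = {}     # port -> challenge code currently on screen
        self.trusted = set()  # ports whose keyboard passed the challenge

    def attach(self, dev):
        """Return (decision, code, notice) for a newly attached device."""
        if not dev.has_hid():
            return "allow", None, None
        # VID/PID and name come from the device itself, so they never grant trust.
        code = "".join(secrets.choice(string.ascii_lowercase) for _ in range(self.code_len))
        self.pending[dev.port] = code
        kind = "additional" if self.trusted else "first"
        notice = f"USB input device connected ({kind}): {dev.name!r} on port {dev.port}"
        return "challenge", code, notice

    def submit(self, dev, typed):
        """Compare the keys received from this device with the displayed code."""
        code = self.pending.pop(dev.port, None)  # one attempt per attach
        if code is not None and secrets.compare_digest(typed.encode(), code.encode()):
            self.trusted.add(dev.port)
            return True
        return False

    def accepts_input(self, dev):
        return dev.port in self.trusted

# Constructed sample devices: the second copies the first one's IDs and name.
KEYBOARD = UsbDevice("1-2", 0x1234, 0x5678, "Example Keyboard", ((0x03, 0x01, 0x01),))
CABLE = UsbDevice("1-4", 0x1234, 0x5678, "Example Keyboard", ((0x03, 0x01, 0x01),))
```

Because trust is tied to the port and the typed code rather than to the vendor/device ID, the second device with identical IDs still gets its own challenge and an "additional" notice.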

I have never once wanted to attach a keyboard to my phone

This cable targets the host computer it's plugged in to, not the phone.

The device shows up as a keyboard on your computer, not on your iPhone.
