[Noisebridge-discuss] Keyboard / Mouse / BadUSB Mitigation by disabling firmware updates

Glen Jarvis glen at glenjarvis.com
Fri Jan 1 03:21:12 UTC 2021


Background
=======

This BlackHat USA 2014 video explains the background for my request for help:

https://www.youtube.com/watch?v=nuruzFqMgIw

Question
======
As per the end of the BlackHat USA video, one of the best ways to mitigate BadUSB is to have a USB hardware where the firmware cannot be updated.

I initially was looking for a keyboard and mouse from a trusted manufacturer where the USB controller firmware was now read only.

In the absence of this, I was looking for any Noisebridge kit, where the interface class and endpoints were already configured for only a keyboard/mouse (and we return to normal operations without allowing any additional registration). And, this firmware was no longer update-able.

The idea then would be to cut and connect a working keyboard cable, splicing this USB controller instead. (Like one does with a USB condom for JuiceJacking -- but, include all the lines to this USB controller).

Does anyone know of any work that has been done in this area? Are there any kits available? I'm not looking at building a new kit. My interest is to consume a trusted product that has already been created.

Any feedback or leads would be appreciated.

Kindest Regards,

Glen Jarvis
https://forums.puri.sm/u/activate-account/2c7902e531824f3510637ba924db7ab3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20210101/53aa9de3/attachment.html>


More information about the Noisebridge-discuss mailing list