You may have heard about the "badusb" talk coming at blackhat. In theory, we should wait to watch the talk and see what it's actually about, but since some people can't wait that long, here's a few thoughts. (I'm a little surprised nobody has asked here already. I have some time free, thought I'd beat the rush. :))
The claims on the main page, https://srlabs.de/badusb/, are fairly reasonable if a little vague. Other claims I'm reading elsewhere appear a little overhyped. In order of increasing danger... 0. The final claim is that once infected, you'll always be infected because disinfection is nigh impossible. Meh. The same could be said of the firefox exploit of the week. It too can reprogram your bios or persist itself in any number of ways. 1. They're exploiting all manner of Windows specific autorun functionality to install or configure drivers. By default, OpenBSD will do just about nothing when a USB device is plugged in, so this is not a serious concern. 2. They have created a rogue keyboard device which will type naughty commands. In theory, the same keyboard could type "rm -rf ~" into an xterm. This is a tiny bit more challenging since it probably depends on your desktop environment and window manager, but presumably your attacker will know all that. So yeah, vulnerable. But at the same time, I could also train a monkey to type that command and strap it to your normal not backdoored keyboard. Beware the badmonkey attack, too. 3. A storage device may lie about the contents of a file. Sometimes it will say one thing (so it looks safe on this computer), sometimes it will say another (so it installs a backdoor on that computer). Don't install OpenBSD from media you don't control. Technically, signing the sets won't help since the backdoor installer might have a bogus key on it (or a bogus installer that doesn't check). You can always pxeboot and hope that the firmware in your ethernet card is more trustworthy. They don't appear to mention two other avenues of exploitation, which may be more practical. I refer specifically to OpenBSD, though there's no such limitation. First, the USB stack has a number of known races and other bugs, especially around attach/detach and error handling. If a rogue device attached and detached itself several times, it could likely corrupt the kernel heap. Game over. Second, any USB disk, even one with a normal firmware, can have an evil filesystem image on it. By this, I mean the metadata that the kernel reads is corrupt, not that it has naughty files. There have been crash reports when mounting corrupted (and even not corrupted) (e.g.) MSDOSFS disks. The kernel is a little too trusting that a filesystem is what it claims to be. There are probably exploitable vulns here, too. All that to basically say "don't panic" (that's the kernel's job). Fixing filesystem bugs is something we'll do, of course, but it's not a priority for me to sit down and start fuzzing Right Now. Same for miscellaneous bugs in the USB stack.
