USB Firewall for protection?


#1

While working on a recent custom build a thought occurred to me: I plug an awful lot of random PCBs into my hardware that I know nothing about. For all I know they could have malicious code on them that I could never detect with traditional antivirus software. Then I read this:
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

Has anyone else thought about this or taken steps to mitigate?

I saw this USB firewall on the market a while back:


But it appears to only work with full size keyboards.

Anyway I’d love to know the community’s thoughts on the subject.


#2

I think recently there was a case of a Chinese keyboard company containing a keylogger: https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html


#3

I remember reading about that, although that required a driver that acted as a key logger I think.


#4

I love how the infosec community is already paranoid and now with this report (the veracity is somewhat disputed by Apple, etc) people are going to be extra careful about their hardware.

I’m waiting for this sort of thing to show up in more IoT devices.

From the story, it does seem Bloomberg has something wrong; there are better ways to do similar things that don’t involve this high of a level of hardware expertise and logistics. We’ll see if Apple or any of the other companies involved put out any more explanation - it could be that National Security folks got involved too, so we’re dealing with finding the truth amid corporate trying to portray the security of customer data, NatSec trying to keep what they discovered quiet (I don’t know if you could sandbox or honeytrap such hardware?), and reporters trying to not only find the truth, but understand and explain the more obscure hardware explanations for what exactly was found.

Now if you excuse me, I’m going to tear apart my microwave and check for hidden spy chips… :flushed:


#5

Ya as you can tell I’m definitely out of school on this topic so it could have been a stupid question.


#6

I wonder why no one has created an easily accessible solution to this? I get that it would be kinda hard to do with how much information is transferred between devices but I think it is fully do-able. Granted I’m pretty sure that this would have to cause some sort of latency if you have it running all the time.


#7

There’s an additional Bloomberg piece today about another hardware implant, but this time it is an Ethernet port that’s been modified: https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom?srnd=premium


#8

“One of the keys to any successful hardware attack is altering components that have an ample power supply to them, a daunting challenge the deeper into a motherboard you go. That’s why peripherals such as keyboards and mice are also perennial favorites for intelligence agencies to target, Appleboum said.”


#9

(╯°□°)╯tinfoil hat folding intensifies ノ( º _ ºノ)


#10

Well, HASU’s USB2USB Converter, on which you can flash your keymaps, would work for this purpose.


#11

FWIW if it is a matter of power to the device, then a typical USB Condom / Data Blocker can be purchased pretty cheap, or made even cheaper.

As for data in/out…that I am unsure of.


#12

I’m more concerned about us having a way to prove to employers that our custom keyboard is safe. I hope QMK is looking into that stuff.


#13

+1


#14

But it’s not. You can practically record macros, which can be played again later. So you could set it up to record a password someone else enters with the keyboard.

Or you could just flash a fork or another program to the microcontroller. How should one check that it’s just plain QMK?

Also, most employers won’t take the hassle to research that there is a piece of software running on the board just because someone wants to ‘use their own keyboard’; that’s a joke to ’em.