diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2016-07-07 16:28:34 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2016-07-07 16:28:34 -0300 |
| commit | 420053837f4ab3ccb2300b5f381bec158e5f3b93 (patch) | |
| tree | 33b88e13408e3b9ea4f13005645e9537dc66f91e | |
| parent | 54a01fe6b46bb73b1e3a792a026211424db547f6 (diff) | |
| download | bootless-420053837f4ab3ccb2300b5f381bec158e5f3b93.tar.gz bootless-420053837f4ab3ccb2300b5f381bec158e5f3b93.tar.bz2 | |
Threat Model: BadUSB
| -rw-r--r-- | index.mdwn | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -77,10 +77,12 @@ Threat Model 2. Infection is still possible in plenty of unencrypted/unauthenticated software residing in the machine, such as BIOS, network firmware and potential backdoors such as Intel's AMT/ME. +3. The USB stick itself is not a static device: it's has a built-in processor for wear-levelling that could be exploited to present to your computer a compromised kernel or initramfs ([BadUSB attacks](https://links.fluxo.info/tags/badusb)). + ### Additional mitigations 3. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter. -4. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for open hardware and try to build stuff yourself :P +4. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for laboratory audits and build and use open hardware. - Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)), [smartmonster](https://git.fluxo.info/smartmonster) ([original repository](https://github.com/ioerror/smartmonster)) or [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot). |