From 420053837f4ab3ccb2300b5f381bec158e5f3b93 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Thu, 7 Jul 2016 16:28:34 -0300
Subject: Threat Model: BadUSB

---
 index.mdwn | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'index.mdwn')

diff --git a/index.mdwn b/index.mdwn
index c8ed254..7b0cdc3 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -77,10 +77,12 @@ Threat Model
 
 2. Infection is still possible in plenty of unencrypted/unauthenticated software residing in the machine, such as BIOS, network firmware and potential backdoors such as Intel's AMT/ME.
 
+3. The USB stick itself is not a static device: it's has a built-in processor for wear-levelling that could be exploited to present to your computer a compromised kernel or initramfs ([BadUSB attacks](https://links.fluxo.info/tags/badusb)).
+
 ### Additional mitigations
 
 3. For physical attempts to tamper with your bare metal, you might try to protect and monitor your perimeter.
 
-4. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for open hardware and try to build stuff yourself :P
+4. From inside threats such as preloaded backdoors in the hardware, the best you can do is to look for laboratory audits and build and use open hardware.
 
 - Check your boot using something like [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html) ([repository](https://github.com/QubesOS/qubes-antievilmaid)), [smartmonster](https://git.fluxo.info/smartmonster) ([original repository](https://github.com/ioerror/smartmonster)) or [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot).
-- 
cgit v1.2.3