search

Lvl4Sword / Killer

🔪 System tamper detector for USB, Bluetooth, AC, Battery, Disk Tray, and Ethernet.
https://pypi.org/project/killer/
GNU Affero General Public License v3.0
71 stars 11 forks source link

Connected USB Whitelist Bypass #52

Closed Lvl4Sword closed 5 years ago

Lvl4Sword commented 5 years ago

Someone could easily connect a device that has the same Vendor/Product IDs as a device already connected, as this isn't checked. This should be checked and shutdown if detected/attempted.

Realistically you're not going to have two devices with the same Product/Vendor IDs ( please present proof to the contrary ).

Lvl4Sword commented 5 years ago

As in it turns out, my current system has two of the same Vendor/Product IDs detected through the motherboard ( 1d6b:0002 Linux Foundation 2.0 root hub which are my two USB 2.0 ports.. ).

So the best bet is probably having a parameter/configuration of allowed duplicates per each Vendor/Product ID.

Lvl4Sword commented 5 years ago

https://github.com/Lvl4Sword/Killer/commit/288ccde65d08bdc37b199c55f7ad658ed3ee84fb and https://github.com/Lvl4Sword/Killer/commit/971aa9971fd5490249a2c10196e3deef1115bbc7 fix this. Configuration change was added in https://github.com/Lvl4Sword/Killer/commit/f7d48927583df892ea92b1ea09859b607565e394