Investigate how malicious devices could become trusted keyboards/mice

[jyasskin]

USB devices are trusted as keyboards and mice by default, which leads to well-known exploits like https://srlabs.de/badusb/.

How vulnerable are current operating systems to the same attacks over Bluetooth? For example, if I pair a device that looks like a fitbit, but which also exposes a HID keyboard service, will my OS trust the keyboard without warning me? If I pair a device, and it adds a keyboard service later, will my OS trust the new keyboard?

This is relevant to this project because we have to assume some devices will be vulnerable to GATT writes in ways that let the attacker compromise the firmware and add new services.

@jracle @armansito

[keybuk]

Linux systems will trust that keyboard, I suspect that OS X and Windows will too.

We don't really have a well-defined notion of intent when dealing with Bluetooth devices. If I pair a device through the UI, do I intend to use that device as a keyboard, or with an app, or both? If I only intend to use it through an app, how do I subsequently use it with additional apps, or as a system device?

It's not a technology problem, adding a service whitelist to the device database is trivial. It's a UX one.

[shuangMoz]

Keyboards/mice implemented as the standard HOGP, and they are almost filtered out from the list of discovered services by OS (such iOS, Android). Can UA application actually handle it?

[shuangMoz]

@jyasskin When you paired with device in Linux, that device will not mark as "Trusted" by default, right? In that way, we can control it per service.