|
Message-ID: <20190822180214.z5vssydiobp6uy6x@yuggoth.org>
Date: Thu, 22 Aug 2019 18:02:14 +0000
From: Jeremy Stanley <fungi@...goth.org>
To: oss-security@...ts.openwall.com
Subject: Re: Linux kernel: multiple vulnerabilities in the USB
subsystem x2
On 2019-08-22 13:57:53 -0400 (-0400), Perry E. Metzger wrote:
> > Are these even realistic? If I'm going to leave malicious
> > USB devices in the parking lot for mischief am I going to rely
> > on the unknown victim running a Linux distro with the
> > requisite kernel modules or am I going to just drop a cheap
> > and near-universal USB killer?
>
> Android phones run Linux. People routinely plug those phones in to USB
> charging stations in airports, on airplanes, at booths in public
> places, etc.
Exploitation of which is commonly referred to as "juice jacking"[*]
and has led to a booming demand for "USB condoms" lately.
[*] https://en.wikipedia.org/wiki/Juice_jacking
--
Jeremy Stanley
Download attachment "signature.asc" of type "application/pgp-signature" (964 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.