Preventing Evil Maid and Rubber Ducky style attacks on Linux

So you are running Linux and you think that perhaps you are relatively secure compared to Windows, right? Well, actually there’s not much difference between the two platforms in this respect, because there are certain attacks that your operating system will never be able to defend against unless you proactively take the right security measures to prevent them.

What am I talking about here? Let’s start with hard disk encryption, and let us assume that we are on Linux. So, you have encrypted your default Ubuntu partition with a really strong passphrase during installation (LUKS + dm-crypt) and you must be thinking, man, am I secure. Well, that is true to some extent, but the catch here is that your boot partition needs to be left unencrypted so that it can unlock your drives after you enter the correct password.

So here is the dilemma: even on Linux we have an unencrypted boot partition, and therefore it is in a way a vulnerability waiting to be exploited. Someone can just mess around with the contents of your boot partition while you are away, and perhaps even write a simple shell script that logs the password and sends it back to the author. This is what you call an Evil Maid style of attack. There are not many ways that you can defend against such an attack, but a good measure would be to keep your boot partition somewhere else, perhaps on a USB drive. Thus whenever you go outside you can keep that USB with you at all times and have the peace of mind that the laptop at your home will not be messed around with, because all that is there is a block of encrypted data whose contents cannot be tampered with. Today I will not go into details on how you would go about making such a setup, because trust me, doing this manually will take a lot of work, especially if you are on a distro like Gentoo!

But let me tell you about another attack that is quite common these days and that not many people know about. Have you heard about the USB Rubber Ducky? If not, go out on the web and Google around a bit. Or if you want to save time, let me tell you.

Basically, the USB Rubber Ducky looks like a regular USB stick, even has a similar size, but when you plug it in, it acts as a HID (Human Interface Device). The HID class is normally used by mice and keyboards, so posing as an ordinary USB stick while actually acting as a keyboard allows it to interact with a running system in a way that you would least expect. It can own you in a matter of seconds if you haven’t taken the right precautions, especially on a distro like Ubuntu that allows anything to be automatically mounted by default. This is not just a big threat for Windows but also for Linux.

Perhaps the payload typed in by the USB Rubber Ducky could run as a background process that spawns a shell and tries to sniff the password that you type when you log in to your device; after it receives the password it could automatically call home with the newly gained credentials.

So I looked around for a bit on how to stop such an attack on Linux, and to my surprise I found that the Linux kernel provides an easy-to-use interface (a file in sysfs) that makes it refuse any newly plugged-in USB device, which effectively disables the USB ports.

So you could just paste this script and it would disable your USB ports; depending on the number of USB host controllers you have, you may need to modify those commands, and follow the instructions in the comments. This script, if set up correctly to run at boot, would disable the USB ports on boot so that you don’t have to worry about manually disabling them (you might forget).

You can also add this code to your .bashrc or .zshrc, so that you can enable or disable USB manually when necessary.

# Disable usb devices to mitigate rubber ducky style attacks.
# Writing 0 to authorized_default on each root hub (usb1, usb2, ...) makes the kernel
# refuse any device plugged in from now on; devices that are already attached keep working.
# A redirect to a glob that matches several hubs is an "ambiguous redirect", so loop over them.
# The sysfs files are owned by root, hence sudo tee instead of a plain redirect.
usboff() {
    for hub in /sys/bus/usb/devices/usb*/authorized_default; do
        echo 0 | sudo tee "$hub" > /dev/null
    done
}

# Enable usb devices
usbon() {
    for hub in /sys/bus/usb/devices/usb*/authorized_default; do
        echo 1 | sudo tee "$hub" > /dev/null
    done
}

You will need root permission to write to these sysfs files, so don’t forget to use sudo.
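As an added example, not code from the original post, the same sysfs interface can be turned into a default-deny policy with a small allow-list: new devices are refused, and only a device whose vendor:product ID you recognise (say, your own keyboard) is authorized through its per-device authorized attribute. The USB_SYSFS override and all function names are my own assumptions, and the IDs in the comments are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): default-deny USB authorization plus a
# small allow-list, built on the same sysfs interface as usboff/usbon above.
# USB_SYSFS is an assumed override so the functions can be exercised against a fake tree.
USB_SYSFS="${USB_SYSFS:-/sys/bus/usb/devices}"

# Write a value to a sysfs attribute, escalating through sudo only when the file is not writable.
sysfs_write() {
    if [ -w "$2" ]; then
        printf '%s\n' "$1" > "$2"
    else
        printf '%s\n' "$1" | sudo tee "$2" > /dev/null
    fi
}

# 0 = refuse devices plugged in from now on (already-enumerated ones keep working), 1 = allow.
usb_set_default() {
    for hub in "$USB_SYSFS"/usb*/authorized_default; do
        if [ -e "$hub" ]; then sysfs_write "$1" "$hub"; fi
    done
}

# Print "name vendor:product authorized" for every device on the bus; interface
# entries such as 1-1:1.0 have no idVendor and are skipped.
usb_list() {
    for dev in "$USB_SYSFS"/*/; do
        dev="${dev%/}"
        [ -r "$dev/idVendor" ] || continue
        printf '%s %s:%s %s\n' "$(basename "$dev")" \
            "$(cat "$dev/idVendor")" "$(cat "$dev/idProduct")" "$(cat "$dev/authorized")"
    done
}

# Authorize only devices whose vendor:product ID appears in the space-separated allow-list,
# e.g. usb_allow_ids "046d:c31c" for your own keyboard (constructed sample ID).
usb_allow_ids() {
    for dev in "$USB_SYSFS"/*/; do
        dev="${dev%/}"
        [ -r "$dev/idVendor" ] || continue
        id="$(cat "$dev/idVendor"):$(cat "$dev/idProduct")"
        case " $1 " in
            *" $id "*) sysfs_write 1 "$dev/authorized" ;;
        esac
    done
}
```

Run usb_set_default 0 from a boot script, then usb_allow_ids with your known IDs whenever you plug in a device you trust; usb_list shows what is attached and whether it is authorized.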

Anyway, this concludes today’s post and I hope that it will be helpful.

Cheers!


Reason why Linux is not mainstream yet…

Alright, I wanted to talk about a lot of the things that have been bugging me lately. This post is totally my personal opinion and is based on my experience with GNU/Linux.

First of all, let me tell you that I’ve personally tried various distributions (distros) of Linux…from Ubuntu to Gentoo, Fedora, Arch and everything in between, but I don’t consider myself an expert. This post highlights what I think is wrong with GNU/Linux in general and what can be improved to make it more appealing to end users.

The various distributions of Linux that I’ve tried are quite similar in nature; they have a lot in common, like the kernel, the architecture and the software that runs on them, but they vary in the philosophy of their communities, their vision, their goals, their package managers, etc.

For example, Gentoo’s philosophy is that it’s a source-based distribution where you have to compile everything from source, whereas others like Ubuntu rely mainly on binary builds.

Anyway, that’s not what I wanted to talk about. What I’m trying to highlight here is that a lot of the things that we do in the Linux world are just too damn complicated for a typical end user to go through.

For example, I bought a new laptop eight months ago and it came with a proprietary AMD Radeon HD 8750M card with dual switchable graphics. When I bought it I didn’t expect the card to work at all since it’s so new. But recently I realised that support for this card is available in the newer 3.11 kernel, which allows dynamic power management to improve battery life, decrease heating, etc.

Therefore I decided to install the latest kernel, for which I had to use a script (smxi on Debian) to get it installed. Even after installing the kernel, the next issue was that I had to enable dynamic power management (dpm) in the boot settings (grub) manually, as it was disabled by default. Then again it didn’t work, because I was missing some firmware, or because I had to disable the proprietary Intel driver and load the radeon driver manually, or maybe because of something else that I need to spend time experimenting with.

My point is that a typical end user shouldn’t be worrying about this kind of stuff. In the Linux world we expect the user to be able to manage and handle it. We assume they have some knowledge of bash, terminal navigation or even programming skills.

In contrast, the Windows or Mac OS X world is like handing end users freshly baked cakes out of the oven. They don’t need to know anything about baking powder or the ingredients that go into it, they don’t need to worry about the correct temperature of the oven….they just enjoy their freshly baked cakes.

That is the reason why I think people (the general population) are unlikely to come over to Linux anytime in the future, except for hobbyists, geeks and people who need to run Linux for their day jobs. But I cannot totally disregard the effort distros like Ubuntu have been putting in….to make a big impact in the department of user friendliness, making all these subtle things that are so hard for a normal Windows user….fade away. So I should obviously give them props for trying to take Linux in that direction.

But still, from my last experience with Ubuntu 12.04 there are a lot of things I didn’t like….let me start off with the Zeitgeist and online search bullshit. Whenever you search in the Dash, your search results get sent off directly to Ubuntu servers, and that is turned on by default! Talk about privacy…..the next thing they had was this geo-location service thing going on, and from what I’ve read on the Ubuntu forums themselves…when your computer boots up it tries to ping an Ubuntu server or something similar, even while you’re not logged in. So yeah, that totally turned me off.

Anyway, there’s still hope that Linux can make it to the mainstream in the desktop world if SteamOS turns out to be a big hit. Valve is a pretty resourceful, reputable company and the Steam platform itself has hundreds and thousands of AAA titles. If they can somehow make all these subtle things in Linux that we have to deal with every day go away and make Linux more usable, then I think people can be convinced to switch over to Linux after all.

Don’t get me wrong, I love Linux and use it on a daily basis….but I simply think that it’s not for everyone yet. At my university, I even opted to teach a Linux course as a term project in order to get more people interested in Linux. From that teaching experience, although there were only a handful of students…..what impressed me the most was that even people with no prior experience with Linux were able to grasp things so easily and fast. If I think back to my own experience with Linux…it took me a whole lot longer than that to get the hang of things. Perhaps it was because they had programming experience or an IT background, etc., but as of yet I cannot confidently go to someone who has zero knowledge of Linux and recommend that person switch over to Linux. In my opinion they’re better off with their freshly baked cakes.