Bad USB with USB devices in VM


Steve

Jan 12, 2017, 1:09:56 AM
to qubes-users
If a memory stick infected with Bad USB is inserted into a laptop running Qubes with the USB devices running in a VM, does the laptop USB firmware get rewritten by the Bad USB?

Andrew David Wong

Jan 12, 2017, 2:15:30 AM
to Steve, qubes-users
Possibly. This is why we blacklist USB controllers from dom0 if a USB
qube is created by the installer (so that they're not accidentally
exposed to dom0 afterward).

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Steve

Jan 12, 2017, 2:26:02 AM
to qubes-users
On Thursday, January 12, 2017 at 10:09:56 AM UTC+4, Steve wrote:
> If a memory stick infected with Bad USB is inserted into a laptop running Qubes with the USB devices running in a VM, does the laptop USB firmware get rewritten by the Bad USB?

What can I do on a fresh installation on a brand new laptop to ensure that, once installed with Qubes, the laptop firmware cannot be overwritten (assuming I am using an optical drive for installation)? Thx

raah...@gmail.com

Jan 12, 2017, 2:37:06 AM
to qubes-users

Qubes installs a usbvm called sys-usb by default.

So where you get the ISO I guess is the real question. And what USB stick you use to write it on. Maybe someone has some comments on a good USB brand to buy. I buy Microcenter.

Where you get the ISO is another story. So use your brand new computer to download it. Hopefully it's coming with an OS pre-installed? Maybe harden Windows first; follow these instructions before you boot the OS: www.hardenwindows10forsecurity.com (read the instructions on an older computer, not your new one). Make sure to follow the Qubes install instructions on how to verify the key signatures. And then hope for the best. Use good security practices. Keep stuff as compartmentalized as your mind can handle.

I've been in my Amazon videos qube mostly since the holidays. And so all I do in that VM is watch videos, nothing else. I use about a dozen different VMs for different tasks I do on the PC. I log into this yellow colored qube, the default personal, to log into my webmail, Google, stuff where I'm not devastated if the password gets stolen. More sensitive stuff in another.

Actually it's not true about my Amazon qube. I'm actually always in a disposable VM the most out of anything. I use it for all random tasks that don't need credentials.

raah...@gmail.com

Jan 12, 2017, 2:39:43 AM
to qubes-users, raah...@gmail.com

Use rawrite32.exe if you're burning it from Windows: https://www.netbsd.org/~martin/rawrite32/download.html

Steve

Jan 12, 2017, 2:45:23 AM
to qubes-users, raah...@gmail.com
On Thursday, January 12, 2017 at 11:37:06 AM UTC+4, raah...@gmail.com wrote:

> Qubes installs a usbvm called sys-usb by default.

If the USB controller is installed in this sys-usb and a bad USB memory stick tried to write to the firmware, am I correct in assuming it is effectively writing to virtual firmware and therefore the actual firmware stays intact?

raah...@gmail.com

Jan 12, 2017, 2:57:58 AM
to qubes-users, raah...@gmail.com

I don't believe so, but hopefully your machine's BIOS supports enabling IOMMU/VT-d, so at least the controller will be isolated from the other VMs.

raah...@gmail.com

Jan 12, 2017, 2:58:37 AM
to qubes-users, raah...@gmail.com
I thought you meant infecting your PC out of the box. But ya, your wireless card is not considered safe either.
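
The two isolation properties mentioned in this thread (USB controllers kept away from dom0, and IOMMU/VT-d active) can be checked from text captured in dom0. The script below is an added example, not code from the thread or from the Qubes project. It assumes that a controller hidden from dom0 shows `pciback` as its driver in `lspci -k` and that `xl info` lists `hvm_directio` under `virt_caps` when the IOMMU is in use; the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Input is text captured in dom0 with
# `lspci -k` and `xl info`; "pciback" as the hidden-device driver is an assumption.

# Print "<BDF> <driver>" for every USB controller in `lspci -k` output on stdin.
usb_controller_drivers() {
    awk '
        /^[0-9a-f]/ {                      # device header line starts with the BDF
            if (bdf != "") print bdf, drv
            bdf = ""; drv = "none"
            if ($0 ~ /USB controller/) bdf = $1
        }
        /Kernel driver in use:/ && bdf != "" { drv = $NF }
        END { if (bdf != "") print bdf, drv }
    '
}

# Print USB controllers not bound to pciback, i.e. still driven by dom0.
exposed_to_dom0() {
    usb_controller_drivers | awk '$2 != "pciback" { print $1 }'
}

# Succeed if `xl info` output on stdin lists hvm_directio (IOMMU passthrough).
iommu_active() {
    grep -E '^virt_caps[[:space:]]*:' | grep -qw 'hvm_directio'
}

audit() {   # $1 = lspci -k text, $2 = xl info text; returns 1 on any finding
    status=0
    if ! printf '%s\n' "$2" | iommu_active; then
        echo "WARN: no hvm_directio, USB qube is not IOMMU-isolated"; status=1
    fi
    for bdf in $(printf '%s\n' "$1" | exposed_to_dom0); do
        echo "WARN: USB controller $bdf is driven by dom0"; status=1
    done
    return $status
}

# Constructed sample data: one hidden controller, one still bound in dom0.
SAMPLE_LSPCI='00:14.0 USB controller: Example xHCI Host Controller
    Kernel driver in use: pciback
00:1a.0 USB controller: Example EHCI Host Controller
    Kernel driver in use: ehci-pci
00:1f.2 SATA controller: Example AHCI Controller
    Kernel driver in use: ahci'
SAMPLE_XL='virt_caps              : hvm hvm_directio'

audit "$SAMPLE_LSPCI" "$SAMPLE_XL" || echo "review the findings above"
```

On a real system, replace the sample strings with `"$(lspci -k)"` and `"$(xl info)"` run in dom0. A clean result only confirms the controller placement and IOMMU state; it says nothing about whether firmware on the controller itself has been modified.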