USB Microphone Compromised But Safe With Qubes?

I have a question. The only way to ask it is with a hypothetical example.

Let's say a person lives in a country; we can call this place Arstotzka just for the sake of the example. And a person buys a microphone online to use for talking to people securely on Qubes.

So in Arstotzka they learn about this online order and they intercept this microphone before it reaches the home of this person. And they replace the USB microphone with various things. Maybe firmware. Maybe even some sort of device hidden in the USB area.

Here is what I wanna know. What options do people in such a situation have in this case?

I came up with a few ideas myself. But all my ideas are hypothetical and I wanna clarify with you all to see if any of my ideas might work.

  • They buy a USB microphone at a store they trust reasonably enough to sell clean USB microphones?

  • They cut off the USB part at the end of the microphone and use a soldering iron to attach a new USB attachment at the end which they know is clean?

  • They use a disposable USB VM which will only allow the attached VM to be compromised but prevent dom0 from being compromised. Is that right? Is Qubes secure enough that it would stop a compromised microphone from reaching dom0 and compromising it? I was reading in notes somewhere that the new version of Qubes coming will have new security for audio so I was not sure if maybe… microphones are not as air tight secure yet?

  • Similar to above, just use Qubes as is because actually it’s already set up so secure that even if there was BadUSB or a bug in the microphone itself it’s… it can’t compromise dom0?

  • Take something that can conduct electricity and apply enough electricity to burst any bugs in the microphone. And hope they don’t also ruin the microphone part itself?

  • Attach a USB Adapter they know is secure to the USB microphone and then to the Qubes computer?

  • Try to figure out how to plug in an analog microphone into a Qubes computer? I don’t think Qubes can do this yet though. At least I tried and it didn’t work.

These are all the ideas I could think of. I hope this thread is useful to some of you and someone has some ideas and can help me understand this better.

1 Like

“Compromised” seems to be the favorite word in some circles without any coherent definition being defined.

The problem with asking “does Qubes OS protect me from a compromised XYZ” is that one must have in mind an idea of what they are seeking protection from. A “compromised mic” does not tell one much. There is no point in listing various mitigations against an abstract definition of “compromised”.

So perhaps start with identifying the threats, are any of those threats relevant to Qubes OS, and are there steps one can take in Qubes to mitigate those threats?

1 Like

You mentioned a number of things in an attempt to be sure you are not compromised and unfortunately, most will have no effect in the outcome other than damaging the microphone.

What you are describing is a “supply chain” compromise. If the manufacturer did it then your only recourse is to select a product from a company you trust. If it’s intercepted and modified on its way to you then you must have done something really bad enough to get the Government of Arstotzka that mad at you, in which case moving to another country might be the best solution.

Apart from that you might want to investigate a “USB prophylactic” device or plans to build your own. The issue here is that a USB device can masquerade as different devices when plugged into your host. A disk drive can become a keyboard and inject commands to do bad things. Likewise a USB camera/microphone can do the same. The most bang-for-the-buck in terms of security would seem to be placing a device between the two that only allows the protocol you are specifically interested in and denies the nefarious device to emulate a keyboard device.

If you do an internet search for “USB prophylactic” or “USB Condom” you will see a number of devices or hacks to prevent one or another type of exploit. What you need is one that prevents the device from emulating a keyboard device but still permits the device to provide audio. I don’t have the time to research this at the moment but hopefully, you will find something that somebody has already done and is willing to share.

1 Like
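As an added example, not part of any post in this thread: a defensive check that lists the interface classes a device claiming to be a microphone declares in Linux sysfs and flags anything other than Audio, such as the keyboard-type interface described above. The allow-list, the function names and the sample device tree are assumptions constructed for illustration.

```python
import os
import tempfile

# USB-IF base class codes as exposed in sysfs bInterfaceClass (two hex digits).
CLASS_NAMES = {0x01: "Audio", 0x03: "HID", 0x08: "Mass Storage", 0xFF: "Vendor Specific"}
HID_BOOT_PROTOCOLS = {0x01: "keyboard", 0x02: "mouse"}
MIC_ALLOWED = {0x01}  # assumption: a plain microphone needs Audio interfaces only


def _read_hex(path):
    with open(path) as fh:
        return int(fh.read().strip(), 16)


def audit_device(device_dir, allowed=MIC_ALLOWED):
    """Return [(interface, class_name, detail)] for interfaces outside `allowed`."""
    findings = []
    for entry in sorted(os.listdir(device_dir)):
        iface_dir = os.path.join(device_dir, entry)
        cls_file = os.path.join(iface_dir, "bInterfaceClass")
        if ":" not in entry or not os.path.isfile(cls_file):
            continue  # interface directories are named like "1-2:1.0"
        code = _read_hex(cls_file)
        if code in allowed:
            continue
        detail = ""
        proto_file = os.path.join(iface_dir, "bInterfaceProtocol")
        if code == 0x03 and os.path.isfile(proto_file):
            detail = HID_BOOT_PROTOCOLS.get(_read_hex(proto_file), "other HID")
        findings.append((entry, CLASS_NAMES.get(code, f"class 0x{code:02x}"), detail))
    return findings


def build_constructed_device(root, name, interfaces):
    """Create a fake sysfs device tree; `interfaces` is [(class, protocol), ...]."""
    device_dir = os.path.join(root, name)
    for idx, (cls, proto) in enumerate(interfaces):
        iface_dir = os.path.join(device_dir, f"{name}:1.{idx}")
        os.makedirs(iface_dir)
        for fname, value in (("bInterfaceClass", cls), ("bInterfaceProtocol", proto)):
            with open(os.path.join(iface_dir, fname), "w") as fh:
                fh.write(f"{value:02x}\n")
    return device_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample: two audio interfaces plus an undeclared boot keyboard.
        dev = build_constructed_device(root, "1-2", [(0x01, 0x00), (0x01, 0x00), (0x03, 0x01)])
        for finding in audit_device(dev):
            print(finding)
```

On a live system the argument would be a directory such as `/sys/bus/usb/devices/1-2`, where `1-2` is a placeholder bus-port name. Descriptors are self-reported, so a clean result only describes what the device declares at that moment, and some headsets legitimately expose a HID interface for mute or volume buttons.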

In this case Qubes can help, see here: Device Handling Security | Qubes OS. You just should not give it a privilege to manage your keyboard or mouse (see /etc/qubes-rpc/policy options).

Such devices are also called “data blockers”, though if used for data transfer and not just with charging devices, a conceptually similar but different tool may be necessary.

My only other addition to this is that, if one is purchasing such a device online, one must also consider the possibility that it may be subjected to interdiction or a supply-chain attack as well. If your threat model includes interdiction and supply-chain attacks against electronics you purchase online or receive by mail, then purchasing a USB device to protect yourself from malicious USB devices may not necessarily work. Some exist with clear plastic casing that allow visual inspection of the hardware, but the risk remains.

At that point, your options may be to either build one yourself, preferably from parts you acquire in-person or from a person ordering them as your proxy, or by just using someone else as a proxy purchaser in the first place. If the second, though, then the possibility of having the original product purchased by the proxy is an option, at least if interdiction is the threat (but not supply-chain attacks).