There are some information on stack exchange about how to mitigate some of the risks for this kind of firmware attacks.
Is there already mitigations in PureOS?
Is there already mitigations in PureOS?
1 Like
Bump, any answers?
Not that I know of.
I also don’t see any reasonable way to mitigate this at the OS level without just blocking all USB devices which isn’t a very good out of box experience for most people.
Sure they could include some software mitigation option in the default set of applications and a guide for how to implement, or they could give you the freedom to deploy as many or as few mitigations make sense for your threat model leaving the default mode of USB devices just work as that threat is almost certainly not in the average users threat model.
This is primarily a threat that is mitigated by not plugging in untrusted devices to your computer and not letting other people plug stuff into your computer.
1 Like