Another Open BMC Bung: Virtual USB Open To Anywhere

Yet another set of "Baseband Management Controllers" has been documented to compromise the systems in which they are implanted (archived). This latest batch of openings allows access from the network to a "virtual USB hub", and that vitual USB hub allows all of the mischief possible with a physical USB port. Or, almost all of it. The virtual USB port can't be meaningfully plugged with virtual epoxy to the same effect a real port can be plugged with real epoxy.

One thought on “Another Open BMC Bung: Virtual USB Open To Anywhere

  1. The funny bit here is that the Supermicro boobytraps are actually the less annoying ones, in that they're only connected to the marked nic jack (rather than in e.g. Intel's — all of the onboard holes.)

    They also appear to actually die when switched off. (At least in the boxes I personally vivisected.)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>