This USB attack and LPE exploit by to completely compromise Android devices is absolutely incredible. bugs.chromium.org/p/project-zero - "communication with new USB devices should be limited while the screen is locked" -- 😂
The attack vector is still there in Android 9 on an unlocked device, e.g. by using a rogue charger. It was mitigated a long time ago by in AndroidHardened by using the deny_new_usb kernel patch from . It is implemented neither in AOSP nor in the upstream kernel.
It hasn't worked that way for a long time and doesn't use an on/off toggle. That looks like an early release from several years ago. It uses code in the lockscreen and defaults to disabling new USB peripherals when locked, with the option to always or never disallow them instead.
The sysctl won't ever land upstream because kernel.org/doc/Documentat is available and doesn't want an overlapping feature. The simpler approach can be mapped onto that without needing a patch.
Hooking it into the lockscreen is trivial: github.com/AndroidHardeni.
I have had to rewrite it for Android 9 from scratch and added it under the security section.
The point is that both CVE-2018-9445 and CVE-2018-9488 are just particular cases of the fundamental problem, which is still there and not fully mitigated, though it must have been fixed a long time ago. And what's really scary is that millions of devices will never be fixed anyway.