
I think the main point here, not that well developed in the article, is that devices powered by USB have access to the data bus, that is, they can be intelligent as such. For example, as a fellow commenter said, the USB-powered fan, in an intelligent house with a USB outlet (let's call it that way), can actually be recognized as a fan, and the house can start it if the temperature/humidity goes over a limit, or lower the RPM if the temperature has changed. And so on... imagination is the limit; think of light bulbs, etc., you name it.

The house computer would automatically recognize such home devices and have rules, like on our computers (like, oh, this is an HDD, let's offer the option to mount it, etc.); it would recognize fans, etc.

So this could be the start of an intelligent house. I feel some start-up would deal with this at some point.



The more likely result is you already have poison flash sticks and people putting autorun files in USB supposedly dumb machines. So plug in a hacked USB desk fan, and your laptop is now owned if it enables autorun. There already commercially exist "sanitized" USB cables and adapters which only pass the two DC current leads and don't even have the two data leads wired, so you can plug J. Random Hacker's supposed USB gadget into your laptop without getting owned.


I doubt it. Or I doubt that you understood the idea. How can I put an autorun file on my USB mouse? It's the same idea. If the device is not a USB storage device, how can it serve files? Or why do you imagine that the intelligent house (and not my laptop - where did you get that?) would run, hello?, Windows (the horror)?

I think, if something like that were developed, the base would be 100% on Linux. You can plug any USB device into my Linux machine; I can't think that you can own it (unless you link to some clever exploit).


> How can I put an autorun file on my USB mouse?

You make the mouse identify itself as a USB HUB with a mouse, keyboard and a flashdrive.

You make it simulate keypresses of Win+R, `F:\exploit.exe`, Enter (or Cmd+space, Terminal, `open /Volumes/pretendmouse/exploit`, etc.)

Anything you plug into USB can own your machine, and autorun is not even necessary.


I think you misunderstood the idea. A smart house system will invariably be an embedded system, and not a generic multi-purpose PC, which all you repliers immediately implied.

There is no need for USB mass storage drivers. It will probably have its own class (USB-home-automation) that can only do/read/write some sort of data. This kind of closes any type of attack vector based on making the system execute arbitrary code.

So I don't see the fuss with autoruns, or some obscure USB sound card buffer overrun, which was fixed the next day: this will not happen.


I think you are vastly underestimating how clever would-be attackers can be.


Just because a device looks like a mouse doesn't mean it can't contain multiple USB endpoints, one of which is a mass storage device.

Example Linux USB exploit: http://charlescurley.com/blog/archives/2011/03/13/linux_usb_...
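
The host-side view of the point above, as an added example that is not part of the thread: on Linux, sysfs lists the class of every interface a plugged-in device enumerates, so a "mouse" that also brings a hub or mass storage is visible. The sysfs tree below is a constructed sample, the function names are illustrative, and the live path would be `/sys/bus/usb/devices`.

```python
import os
import tempfile

# USB-IF base class codes relevant to this thread
CLASS_NAMES = {0x03: "HID", 0x08: "mass storage", 0x09: "hub", 0xE0: "wireless"}

def classes_by_port(sysfs_root):
    """Group interface classes by the physical port they sit behind.

    Interface directories are named '<device>:<config>.<interface>', and a
    device behind a hub is named '<hub>.<port>', so '1-2', '1-2.1' and
    '1-2.3' are all reached through the single plug in port '1-2'.
    """
    ports = {}
    for entry in sorted(os.listdir(sysfs_root)):
        device, sep, _ = entry.partition(":")
        if not sep or device.endswith("-0"):  # not an interface / root hub
            continue
        try:
            with open(os.path.join(sysfs_root, entry, "bInterfaceClass")) as fh:
                code = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            continue
        ports.setdefault(device.split(".")[0], set()).add(code)
    return ports

def unexpected(sysfs_root, port, allowed):
    """Names of classes behind `port` that the policy for it does not allow."""
    seen = classes_by_port(sysfs_root).get(port, set())
    return sorted(CLASS_NAMES.get(c, f"0x{c:02x}") for c in seen - set(allowed))

def build_sample_tree(root):
    """Constructed sample: port 1-1 is a plain mouse; port 1-2 is a 'mouse'
    that enumerates as a hub with HID and mass-storage children."""
    sample = {"1-0:1.0": "09", "1-1:1.0": "03", "1-2:1.0": "09",
              "1-2.1:1.0": "03", "1-2.2:1.0": "03", "1-2.3:1.0": "08"}
    for name, cls in sample.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "bInterfaceClass"), "w") as fh:
            fh.write(cls + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for port in ("1-1", "1-2"):  # policy: both ports expect a mouse only
            print(port, unexpected(tmp, port, allowed={0x03}) or "ok")
```

The check reflects only what is enumerated when it runs, so it has to be repeated on every USB add event to catch a device that presents extra interfaces later.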


"How can I put an autorun file on my USB mouse?"

LOL, it's really easy. You've got an empty box of mostly air, so you open it up, solder four wires in parallel, done. All you need is for the victim to plug it in once for a few seconds. Yes, this is why it's dumb for Windows admins not to disable autorun.

"can't think that you can own it."

The flash contains linux_installation.sh with:

    #!/bin/bash
    clear
    echo Run this file as root to install the closed
    echo source USB mouse driver for your
    echo new "whatever" brand USB mouse.

(insert lots of stuff most folks won't understand which owns the machine and certainly didn't come from any mouse mfgr)

I think you could have hilarious fun on air-gapped networks plugging in wifi dongles and bluetooth dongles mounted inside a USB gadget. How your system responds to gaining a keylogger or another extra HID device or another extra network device would be interesting to watch. Just a COTS keylogger could be interesting.


Just cute. Poor soul, has no idea how USB mice work on Linux. *shakes head*

(apologizes in advance for the unavoidable ad-hominem comment).


How do you know the other end of that cable is a mouse unless you dissect the mouse first?

How do you know the other end isn't flash storage? How do you know it isn't a USB hub with a flash device also connected so you'll never notice the mouse doesn't work? What if the mouse is set up to present flash storage with auto run only after it has been connected and left idle for at least a few hours?

USB is not often exploited... but that just means we currently have few defenses and little for security in place which becomes a concern if we start connecting our homes with it. And to other homes. And businesses.


(Replying to myself)

I'd actually really like to see a USB socketed light (LED) bulb. Just push/pop. No more screwing!

Please, next start-up, develop this!



