Hardware Trojans Have Researchers Second Guessing USB Gadgets



+ Add a Comment

Mark Hanchey

While you could contain malicious code in something like a keyboard controller you still are bound to the rules for whatever device you identify yourself as to the OS. For example you can't connect to the OS as a HID (human interface device), then switch to using mass storage device functions.  Even with something like HID malware it could not execute or do things without the user knowing. It could only do functions within its own category. So a keyboard could do thing like execute a WIN key , and type Run followed by commands to perform actions, but if the user is at the pc they will see that happening. 

Someone could do something malicious like keylog the  inputs then wait till 3am to do a Win, run ftp and upload the saved keys to an ftp and most users would not notice it. That would be the most extreme example I could think of.




So it turns out that all those TV shows where the good/bad guy plugs a USB-something into the computer and bypasses all the security could be true!



I hate duchbags

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.