![]() Are you sure you want to enable it? If this device is not a keyboard, detach it immediately.” While this system could be defeated, it would make the attack more difficult. Thus, the default keyboard and mouse would be “trusted” once set up, and any new trojan devices would at least wait for confirmation, such as “You have plugged in a new USB keyboard. ![]() Whenever a new HID device is attached, the host should prompt the user before enumerating the device and accepting input from it. Regarding USB “Trojan” HID devices (mice/keyboard devices to the OS), the best defense that an OS could probably provide with the current USB specifications would probably be to track the Vendor ID (VID), Product ID (PID), and serial number (iSerial) that are in the USB device descriptor. There would definitely be some value to user education about the risks, but I would expect most people to plug the device in for one reason or another. I might actually hope for something malicious, just for the opportunity to study it. Would I plug the drive in? Probably, but I’d take some precautions, like using a low-value computer configured for the task.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |