[Info-vax] OpenVMS versus Windows/GE Telemetry Control Systems.
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Wed Jan 16 15:26:59 EST 2013
On 2013-01-16, Paul Sture <nospam at sture.ch> wrote:
> In article <kd67li$gks$1 at dont-email.me>,
> Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> wrote:
>
>> IOW, you might think to vet files on a mass storage device before
>> allowing access, but did you also think to vet something which looks
>> like a keyboard ?
>
> IIRC a few years ago Apple issued a firmware patch/upgrade for their
> aluminium keyboard because a keylogger which could lodge itself on those
> keyboards had been found in the wild.
>
I wasn't aware of that specific incident.
The problem of course is that a USB device is generally just a MCU (custom
or standard) running some application specific firmware.
If you can modify the firmware (as in your example above) or introduce
your own USB device, built around your own MCU and firmware and designed
to look like a legitimate device (as in my previous example), you can do
quite a bit of damage given the functionality of a typical USB host stack.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list