On 3 July 2010 17:17, Dr A. J. Trickett <adam.trickett@???> wrote:
>
>> One [1] suggests that USB hardware can be used as a Trojan horse to
>> steal your data.
>
> It's possible. Though there are probably easier ways to steal data.
I was wondering about this - but what device would it have to identify
as in order to have a driver load that reads data from the OS? Surely
the security flaw here is purely with any drivers that allow a USB
device to read system activity. I would hope any device that has such
drivers would need to be explicitly configured after plugging in...
If you wanted to hack something by plugging in a USB device, then
surely nobody will notice an extra USB dongle hanging out the back of
their PC (A colleague at work certainly didn't notice the extra mouse
going to the next desk, which allowed weeks of fun as you "tweak" his
computer usage by occasionally moving his mouse around or scrolling
unexpectedly)
Anton
--
Anton Piatek
email: anton@???
blog/photos: http://www.strangeparty.com
pgp: [74B1FA37] (http://www.strangeparty.com/anton.asc)
fingerprint: 7401 96D3 E037 2F8F 5965 A358 4046 71FD 74B1 FA37
No trees were destroyed in the sending of this message, however, a
significant number of electrons were terribly inconvenienced.
