
Perhaps some kind of time lapse would solve that problem. The USB won't execute anything for x minutes while you inspect what it is really doing (if it's your keyboard or mouse, do nothing). If nothing is done, allow the USB to load its drivers, etc...


Would it be possible to:

1. Connect innocently as a plain storage device
2. Wait a period of time or even monitor voltage fluctuations to guess when the user is not at the computer.
3. Disconnect and reconnect (or a new side-connection?) as a HID device

Users often won't mentally associate the long-delayed attack with the USB stick, and if it attacks when they are AFK the timer might hit 0 in total secrecy.


Absolutely true. The time lapse is only to allow the user to inspect the drive before it is allowed to execute arbitrarily. That may not actually be possible now that I think about it, so the idea is bunked anyway.


I just have to add Sleep(60 minutes) to my fake HID device and it will bypass this. You cannot blackhole HID input for an hour.


I'm not sure what that accomplishes. In order to provide input, the HID device must register itself with the OS, in order for the driver to be set up, etc. Sending HID messages without actually enumerating a HID device isn't going to work. Waiting 60 seconds to provide input doesn't change the fact that it has to tell the OS it can provide input in the first place. Yeah, it could wait 60 seconds to say "hey, a HID device just got plugged in", but that doesn't actually bypass the safety mechanism...


It can always tell the OS that it is a USB hub, so nothing precludes it from being seen as two USB devices (HID and storage).
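Added example, not part of the thread: a host-side check for the behaviours discussed above, flagging a port whose storage device comes back as HID, and a hub or composite device that exposes HID alongside storage. The event tuples, the Linux-style port paths and the `max_gap` threshold are constructed assumptions for illustration.

```python
from collections import defaultdict

HID, STORAGE, HUB = 0x03, 0x08, 0x09   # USB class codes

# Constructed events: (seconds, action, port path, interface classes)
EVENTS = [
    (0,    "add",    "1-2",   [STORAGE]),
    (10,   "add",    "1-3",   [HUB]),
    (11,   "add",    "1-3.1", [STORAGE]),
    (12,   "add",    "1-3.2", [HID]),     # HID appears beside storage on one hub
    (20,   "add",    "1-4",   [HID]),     # ordinary keyboard, should not be flagged
    (3600, "remove", "1-2",   []),
    (3601, "add",    "1-2",   [HID]),     # same port comes back as a keyboard
]

def suspicious(events, max_gap=2):
    """Return (port, reason) findings. max_gap (seconds) is an assumed
    threshold: a firmware reconnect is faster than a human swapping devices."""
    present, gone = {}, {}            # port -> classes / (classes, removal time)
    hubs, downstream = set(), defaultdict(set)
    findings = []
    for t, action, port, classes in sorted(events, key=lambda e: e[0]):
        if action == "remove":
            gone[port] = (present.pop(port, set()), t)
            continue
        cls = set(classes)
        if {HID, STORAGE} <= cls:
            findings.append((port, "composite storage+HID device"))
        old, t_removed = gone.get(port, (set(), None))
        if (HID in cls and STORAGE in old and HID not in old
                and t - t_removed <= max_gap):
            findings.append((port, "storage re-enumerated as HID"))
        if HUB in cls:
            hubs.add(port)
        parent = port.rpartition(".")[0]   # "1-3.2" -> "1-3"; "" for root ports
        if parent in hubs:
            before = set(downstream[parent])
            downstream[parent] |= cls
            if {HID, STORAGE} <= downstream[parent] and not {HID, STORAGE} <= before:
                findings.append((parent, "hub exposes storage and HID"))
        present[port] = cls
    return findings

if __name__ == "__main__":
    for port, reason in suspicious(EVENTS):
        print(port, reason)
```

Both rules are heuristics: a docking hub with a keyboard and a stick attached will also match, so hits are prompts for review rather than verdicts.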



