Originally posted by uid313
View Post
Linux 6.13 To Enhance Logic For Trusting Built-In Thunderbolt Controllers
Collapse
X
-
Originally posted by uid313 View PostNo the user wouldn't because the user wouldn't know about it because the USB device would inject the keypresses when the computer was idle and the user not present at the computer. The strange behavior would be so fast to open a terminal, and run some command that the user wouldn't even notice it even if he was there. Even if the user saw it, the user would just ignore it and think it was some normal system update operation happening in the background.
Rubber Duck, Flipper and Co can input all the keystrokes they want if they end up on the lock screen and get counted as invalid logins, shown to you when you come back to the computer.
For example with swaylock --show-failed-attempts
Originally posted by uid313 View PostNo, you can plugin any USB device and the system will blindly trust it.
Originally posted by uid313 View PostThen it should require input devices to be present before boot.
It should display a message like "a input device has been plugged in, if you want to use it, you have to reboot".
Or it needs to be whitelisted in the UEFI settings so that UEFI can use it, but the OS can only allow inputs from an input device after it has been whitelisted in the UEFI.
Comment
-
-
Originally posted by uid313 View Post
The NSA and spy agencies have something similar but very much smaller, it looks like a normal USB cable but acts as keyboard and has a built-in Wi-Fi so you can connect to it remotely.
Comment
-
Comment