Copy and paste code for electrical engineers.
A German security researcher has revealed that one model of Fujitsu wireless keyboard will accept unauthenticated input, despite the presence of AES-128 encryption. Matthias Deeg discovered that the LX901 would respond to unencrypted but correctly formatted keystroke commands broadcast nearby. The set is normally shipped as a …
Given a blind keyboard input to an unsupervised PC, I'm pretty certain I could do a lot of mischief without needing to see the VDU so long as I knew the OS it was running.
For example, if it is running Windows, then entering the "Windows" key is likely to get the OS to a known screen. From there you can run any program already on the PC by entering a known series of keystrokes. You could for example run a hex editor and upload a program by entering hex bytes of the binary, saving it then running it.
yes, but don't forget the PC would also need to be left logged in and unattended for certain amount of time (I instinctively WinKey + L when I leave my desk).
However I would suggest that you don't need to type into a hex editor blind. You just inject a whole series of commands automatically as a set routing which would have the desired results - just as you notice the target standing up to go to the bathroom and before their PC timeout occurs.
assuming, that is, your attacker is not the sort of agency that can get away with very high power outputs without attracting attention from the authorities.
I doubt your attacker is likely to be around and broadcasting by the time "the authorities" get around to investigating. It's not like there are bright orange lightning flashes or other obvious warnings that someone is using an (illegal) power amplifier. How hard is it to amplify a 2.4GHz signal? Don't know. Never tried it. But my first hit on a search for "2.4ghz repeater price" is a "WiFi Signal Booster 2.4Ghz 802.11b/g/n Signal Extender ... Price: $30.99 & FREE Shipping."
Biting the hand that feeds IT © 1998–2020