Reply to post: Re: Yes, that's one of the bad design decisions of USB

Spoof an Ethernet adapter on USB, and you can sniff credentials from locked laptops

heyrick Silver badge

Re: Yes, that's one of the bad design decisions of USB

This might be simplistic and stupid, but why not just have the computer ignore USB devices until the user specifically clicks a doodah saying "Yes, I want to use this device" ?

The problem isn't that USB is insecure (things can be spoofed, but spoofing works all over the world - think about fake licence plates and counterfeit money), the problem is that the operating system will see a device, blindly install drivers for it (if it can), and then start talking to it. It is useful that one can plug in a new USB harddisc and it'll "just work", but it is considerably less useful when you take a moment to consider the opportunities that present themselves if the computer will not only install the device but would go a step further and try using and/or autorunning it. The possibilities are... worrying.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon