Re: HID and USB in General.
People have posted "free Mice" to finance directors, USB Memory sticks and setup malicious PSUs.
All using HID and hidden storage to maliciously install stuff. At best a console window momentarily appears, or a message saying "the software to use your device has been installed and it's ready to use". Non-malicious storage, cameras, mice, modems etc can generate these messages.
USB is nice idea badly implemented. HID is an even worse implementation. Even on basic physical level why didn't version 1.0 use a cable that would fit either way up and either way round, have power signalling and negotiation for which end is Host / Client and Peer to Peer? Why do USB devices "install" automatically without an OS based explanation of features and confirm / cancel?
Because it was originally only envisaged for keyboard, mouse, joystick etc to replace Master / Slave Serial, Joystick port, PS/2, and AppleTalk (RS422? RS485) etc Keyboard mouse connector. A very lazy narrow view to make it as cheap as possible, though even so MS Win95 didn't originally support it, despite MS being on the committee with Apple and the others.
Firewire (which supported hubs and networking as well as streaming and storage) also has vulnerabilities, but it was killed off by a combination of royalty costs and USB 2.0 (though it was still slower in reality).
Biting the hand that feeds IT
