I think the paranoia stems from the HID inserting winflag+r, powershell curl https... which installs keylogging software. It can do that after a 10 minute or so countdown timer so it might not seem immediately obvious, or might seem like part of an auto-update with powershell postinstall.
> As for inserting keystrokes, that will be obvious if it enumerates as a keyboard.
This is true, but this also doesn't need to happen at insertion time. An HID keyboard can show up, say, 3 hours after you plug it in.
I miss grsecurity's patch set so much. It had an option to defeat this (deny all USB device enumeration post-boot, i.e. after the kernel executes init).
Those work by sitting between the real keyboard and the computer, often deliberately designed to appear as an innocuous adapter (say, a USB-A keyboard plugged into a PC's USB-C port or vice versa) or extension cable.
Malicious USB devices are fairly common, and this certainly has the 'right' form factor.
There's a reason 'do not plug in a USB drive you have found in the parking lot' is reiterated in every corp security training.
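For the delayed keyboard enumeration discussed in this thread, one way to spot it on Linux is to scan kernel log lines for HID keyboards that register after the boot window. This is an added example, not code from any commenter; the sample log lines, device names and IDs are constructed, and the 60-second `boot_window` is an assumed threshold.

```python
import re

TS = r"^\[\s*(\d+\.\d+)\] "
# "usb 1-4: new full-speed USB device number 8 using xhci_hcd"
NEW_DEV = re.compile(TS + r"usb (\d+-[\d.]+): new \S+ USB device number \d+")
# "input: <name> as /devices/.../1-4/1-4:1.0/<hid-id>/input/inputN"
INPUT = re.compile(TS + r"input: .* as /devices/\S*?/(\d+-[\d.]+):\d+\.\d+/([0-9A-Fa-f:.]+)/input/")
# "hid-generic <hid-id>: input,hidrawN: USB HID v1.11 Keyboard [<name>] on ..."
HID_KBD = re.compile(TS + r"hid-generic ([0-9A-Fa-f:.]+): .*USB HID v[\d.]+ Keyboard \[(.*?)\]")

def late_keyboards(lines, boot_window=60.0):
    """Return (time, name, port, seconds since the port first held a device)
    for every HID keyboard that registers after boot_window seconds."""
    port_first_seen = {}  # port -> time a device was first enumerated there
    hid_port = {}         # HID id -> USB port, learned from the input: line
    findings = []
    for line in lines:
        if m := NEW_DEV.match(line):
            # Keep the earliest time so a later re-enumeration does not reset it.
            port_first_seen.setdefault(m.group(2), float(m.group(1)))
        elif m := INPUT.match(line):
            hid_port[m.group(3)] = m.group(2)
        elif m := HID_KBD.match(line):
            ts = float(m.group(1))
            port = hid_port.get(m.group(2), "unknown")
            if ts > boot_window:
                since = round(ts - port_first_seen.get(port, ts), 1)
                findings.append((ts, m.group(3), port, since))
    return findings

# Constructed sample: a keyboard present at boot, and a device on port 1-4 that
# enumerates as storage, then re-enumerates as a keyboard about three hours later.
SAMPLE = """\
[    2.104512] usb 1-2: new full-speed USB device number 3 using xhci_hcd
[    2.260113] input: Example Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/0003:1234:0001.0001/input/input5
[    2.312345] hid-generic 0003:1234:0001.0001: input,hidraw0: USB HID v1.10 Keyboard [Example Keyboard] on usb-0000:00:14.0-2/input0
[  512.000100] usb 1-4: new high-speed USB device number 7 using xhci_hcd
[  512.150200] usb-storage 1-4:1.0: USB Mass Storage device detected
[11312.400300] usb 1-4: USB disconnect, device number 7
[11312.700400] usb 1-4: new full-speed USB device number 8 using xhci_hcd
[11312.850500] input: Example Gadget as /devices/pci0000:00/0000:00:14.0/usb1/1-4/1-4:1.0/0003:ABCD:0002.0002/input/input21
[11312.900600] hid-generic 0003:ABCD:0002.0002: input,hidraw1: USB HID v1.11 Keyboard [Example Gadget] on usb-0000:00:14.0-4/input0
""".splitlines()

if __name__ == "__main__":
    for ts, name, port, since in late_keyboards(SAMPLE):
        print(f"{ts:.1f}s keyboard '{name}' on port {port}, {since}s after the port was first used")
```

A legitimately hot-plugged keyboard is reported too, so the output is a list to review against what was actually plugged in, not a verdict.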