
I think the claim is that plugging in the USB device is enough. If people needed to try running an executable from the device, some devices would still be compromised, but with lower frequency. I don't know exactly what happens. Automatically-triggered 'driver' install that is actually malware? Presenting as a keyboard and typing commands? Low-level cracks in the OS USB stack?

It feels to me more like OSes ought to be more secure. But USB devices are extremely convenient.





Usually presents as a keyboard that types commands, yeah. Win-R -> powershell -> execute whatever you want.

E.g. https://shop.hak5.org/products/usb-rubber-ducky


Still fits "It feels to me more like OSes ought to be more secure."

New USB-HID keyboard? Ask it to input a sequence shown on screen to gain trust.

Though USB could be better too; having unique gadget serial numbers would help a lot. Matching by vendor:product at least means the duplicate-gadget attack would need to be targeted.
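The trust check proposed in the comment above, as an added example that is not part of the thread and not any operating system's actual behaviour: a newly attached HID keyboard is accepted outright only on a vendor:product:serial match, and otherwise must type back a random sequence shown on screen, which a gadget replaying pre-programmed keystrokes cannot know in advance. The allowlist entries, device records and function names are constructed for illustration.

```python
import hmac
import secrets

# Constructed allowlist of keyboards already trusted on this host.
# Each entry is (vendor_id, product_id, serial); serial is None when
# the gadget reports no serial number.
TRUSTED = {
    ("1111", "aaaa", "KB-0001"),
    ("2222", "bbbb", None),
}

def match_strength(dev, trusted=TRUSTED):
    """Return 'serial', 'vidpid' or 'none' for a newly attached keyboard."""
    vid, pid, serial = dev["vid"], dev["pid"], dev.get("serial")
    if serial and (vid, pid, serial) in trusted:
        return "serial"      # unique match: same physical gadget
    if any(t[0] == vid and t[1] == pid for t in trusted):
        return "vidpid"      # same model only: a duplicate gadget also matches
    return "none"

def new_challenge(length=6):
    """Random sequence to display; ambiguous characters (0/o, 1/l/i) left out."""
    alphabet = "abcdefghjkmnpqrstuvwxyz23456789"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def verify(challenge, typed):
    """Constant-time comparison of the displayed and the typed sequence."""
    return hmac.compare_digest(challenge.encode(), typed.strip().encode())

def admit(dev, keystrokes_for, trusted=TRUSTED):
    """Decide whether to accept input from dev.

    keystrokes_for(challenge) stands in for whatever the device types while
    the challenge is on screen: a person reads and repeats it, a scripted
    gadget types its payload regardless.
    """
    if match_strength(dev, trusted) == "serial":
        return "accept"
    challenge = new_challenge()
    if verify(challenge, keystrokes_for(challenge)):
        return "accept-after-challenge"
    return "reject"

if __name__ == "__main__":
    clone = {"vid": "1111", "pid": "aaaa", "serial": "OTHER"}
    print(admit(clone, lambda c: "powershell"))  # scripted gadget
    print(admit(clone, lambda c: c))             # person typing the sequence
```

A gadget that also copies a trusted serial number still gets the `serial` result here, so the serial match is only as strong as the uniqueness of the serial numbers the comment asks for.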



