Just because the device says it's a keyboard without "looking" like one, doesn't mean it's suspect. Lots of input devices chose to use the human interface device (HID) USB class, since it's often simpler and has the (huge) benefit of not requiring custom drivers.
A barcode scanner, for instance, can be designed so that it just sends the digits contained in the code when you scan, and thus magically work in applications that just have regular text entry boxes in their UI.
The Yubikey (http://www.yubico.com/products/yubikey/) is another example, where a security-conscious company have chosen the keyboard HID method of delivering encryption keys to host computers.
>> Just because the device says it's a keyboard without "looking" like one, doesn't mean it's suspect.
You forgot the part about its fake USB DEV/PROD ID (masquerading as an Apple keyboard) and the part about trying to send local data to some "masked" URL.
"While we now look for incoming malware on the TCP/IP connections, clearly we need to similarly monitor the other ports as well; you can do just as much damage (or more) with an insider keyboard attack, given some social engineering. Is the power line next?"
The power line has already been used, but not in the incoming direction.
It was successfully used many years ago to smuggle information out of a highly secured place by modulating the power usage of a drive array; this was enough to allow a sensor coil placed around one of the wires powering the installation to pick up the bits.
Slow as hell, and probably quite noisy, but it did work.
I wish I could dig up a citation for it; it was quite an impressive hack, and they never did figure out who did it.
The hack I'm referring to was somewhere in the 70's or 80's; I heard about it in the 80's (86 or so).
I'm sure it's been done plenty of times though, not just recently. The nasty thing about it is that such a leak can be in place for a long time before it is discovered.
Which states that it was introduced in '98, but I'm quite sure of when I heard about it because I remember who told me (a systems programmer for a bank that I worked for in those years).
There was another presentation at Defcon about attacking USB drivers with rogue devices. Basically, they programmed a USB-enabled microcontroller to present a malformed ID string and could use it to inject and run arbitrary code.
We got the idea from the same hack you mention; though, as with yourself, my boss can't recall any other details apart from remembering it sounded really cool at the time :D
This isn't particularly more dangerous than the autorun crap most OSes will happily do when you put in a CD. I don't know who could have possibly thought that was a good idea.
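The distinction drawn earlier in the thread, between a device that merely uses the keyboard HID class and one that also carries a borrowed vendor/product ID, can be expressed as a simple triage check. This is an added example, not code from any poster; the allowlists, the UsbDevice record and all sample devices are constructed assumptions.

```python
from dataclasses import dataclass

# Interface triple for a boot-protocol keyboard (USB HID class specification).
HID_CLASS, BOOT_SUBCLASS, KEYBOARD_PROTOCOL = 0x03, 0x01, 0x01

# Assumption: site-maintained map of vendor ID -> manufacturer strings seen on genuine hardware.
KNOWN_VENDORS = {0x05AC: {"Apple Inc."}}
# Assumption: (vendor, product) pairs approved as keyboard-class devices (constructed values).
APPROVED_KEYBOARDS = {(0x05AC, 0x0250), (0x1234, 0x0001)}

@dataclass
class UsbDevice:
    vendor_id: int
    product_id: int
    manufacturer: str
    interfaces: list  # (bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol)

def is_keyboard(dev):
    # Only catches boot keyboards; report-descriptor-only keyboards need descriptor parsing.
    return (HID_CLASS, BOOT_SUBCLASS, KEYBOARD_PROTOCOL) in dev.interfaces

def assess(dev):
    """Return 'not-keyboard', 'approved', 'review' or 'suspect' for one device."""
    if not is_keyboard(dev):
        return "not-keyboard"
    expected = KNOWN_VENDORS.get(dev.vendor_id)
    # A known vendor's ID with non-matching strings is the masquerade case.
    # Strings can be copied too, so a match is not proof of authenticity.
    if expected is not None and dev.manufacturer not in expected:
        return "suspect"
    if (dev.vendor_id, dev.product_id) in APPROVED_KEYBOARDS:
        return "approved"
    # Keyboard-class but unlisted: unusual, not automatically hostile.
    return "review"

KBD = (HID_CLASS, BOOT_SUBCLASS, KEYBOARD_PROTOCOL)
SAMPLES = {  # constructed sample devices
    "barcode scanner": UsbDevice(0x1234, 0x0001, "Example Scanners", [KBD]),
    "desk keyboard": UsbDevice(0x05AC, 0x0250, "Apple Inc.", [KBD]),
    "unlabelled gadget": UsbDevice(0x05AC, 0x0250, "", [KBD]),
    "new OTP token": UsbDevice(0x2222, 0x0010, "Example Tokens", [KBD]),
    "flash drive": UsbDevice(0x3333, 0x0002, "Example Storage", [(0x08, 0x06, 0x50)]),
}

if __name__ == "__main__":
    for name, dev in SAMPLES.items():
        print(f"{name:18} {dev.vendor_id:04x}:{dev.product_id:04x} -> {assess(dev)}")
```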