undefined | Better HN

0 pointssnazz7y ago0 comments

My understanding is that it allows an attacker connected to it via WiFi to mess with the plugged-in computer using USB (pretending to be a keyboard).

See the Twitter video: https://mg.lol/blog/omg-cable/

0 comments

muthdra7y ago

A secretly-IoT keyboard that shares your key presses and may "type" malicious stuff when you're not looking at it; the OS wouldn't be able to tell it's not you doing the typing. Not scary at all, no sir.

yipbub7y ago

It can't read your keypresses (I think)

int_19h7y ago

So long as it can simulate them, installing a keylogger that can read them too is a matter of a few seconds (to "type" a PowerShell script that will download and execute the desired payload).

blattimwind7y ago

It can't (unless it's the keyboard cable).

1 more reply

blotter_paper7y ago

I took GP to be speculating about a hypothetical secretly-IoT-keyboard, not the cable being discussed. Similar thoughts are explored in the comments on TFA.

1 more reply

ndnxhs7y ago

Unless the attacker is able to view the screen somehow then this is pretty useless. Or at least no more useful than fake keyboards without WiFi.

heavenlyblue7y ago

PrintScreen/Upload screenshot to web server/Wait for command

Better than that is to just type a PowerShell script that gets all the info immediately and sends it to a server.

ndnxhs7y ago

You can do all of that without WiFi. How is an attacker with no vision of the screen any more useful than a script that can auto type a command to get remote access?

2 more replies

j / k navigate · click thread line to collapse

0 comments

muthdra7y ago

yipbub7y ago

It can't read your keypresses (I think)

int_19h7y ago

So long as it can simulate them, installing a keylogger that can read them too is a matter of a few seconds (to "type" a PowerShell script that will download and execute the desired payload).

blattimwind7y ago

It can't (unless it's the keyboard cable).

1 more reply

blotter_paper7y ago

I took GP to be speculating about a hypothetical secretly-IoT-keyboard, not the cable being discussed. Similar thoughts are explored in the comments on TFA.

1 more reply

ndnxhs7y ago

Unless the attacker is able to view the screen somehow then this is pretty useless. Or at least no more useful than fake keyboards without WiFi.

heavenlyblue7y ago

PrintScreen/Upload screenshot to web server/Wait for command

Better than that is to just type a PowerShell script that gets all the info immediately and sends it to a server.

ndnxhs7y ago

You can do all of that without WiFi. How is an attacker with no vision of the screen any more useful than a script that can auto type a command to get remote access?

2 more replies

j / k navigate · click thread line to collapse