Beware USB devices

The #1 community for Gun Owners of the Northeast

Member Benefits:

  • No ad networks!
  • Discuss all aspects of firearm ownership
  • Discuss anti-gun legislation
  • Buy, sell, and trade in the classified section
  • Chat with Local gun shops, ranges, trainers & other businesses
  • Discover free outdoor shooting areas
  • View up to date on firearm-related events
  • Share photos & video with other members
  • ...and so much more!
  • MRH

    Never sell your sword
    MDS Supporter
    Oct 5, 2020
    1,716
    Chesapeake Bay
    I have done work at a number of dark sites over the decades, nothing allowed in at all, no cell phones, no USB's, and they even had their own models of our test equipment for me to use to troubleshoot with so they knew they were clean. When I would go into the control rooms at NSA, CIA, FBI, DNI etc. they patted you, wanded you, and the only thing you took in was your clothes and your brain, everything else was locked up outside.
     

    Melnic

    Ultimate Member
    MDS Supporter
    Dec 27, 2012
    15,282
    HoCo
    I actually think I could use something like this at my work for some automation.
     

    Derek1320

    Active Member
    Nov 10, 2009
    791
    Intent is a huge part of it. Deploy only on systems you control or have explicit written consent to deploy (still a gray area, see Coalfire Pentesting case in Iowa.)
     

    Alan3413

    Ultimate Member
    Mar 4, 2013
    16,926
    Nuts. This thread just made me realize I have a vulnerability in my system, and it's the bluetooth keyboard I use.

    I think I may still use it for typing in mundane things, but when it comes to entering passwords, account info, and other PII, I'll use the keyboard on the laptop itself.

    Even though bluetooth range isn't much, and my neighbors homes should be far enough away, why take the chance.

    My primary keyboard is a wired 1990 IBM model M. Made before such silliness as field upgradable (hence alterable) firmware and cordless interfaces.

    Clacks loudly with every keystroke, it makes a unique thunder when I'm going full speed writing documentation. That thing is a tank.
     

    Alan3413

    Ultimate Member
    Mar 4, 2013
    16,926
    Nuts. This thread just made me realize I have a vulnerability in my system, and it's the bluetooth keyboard I use.

    I think I may still use it for typing in mundane things, but when it comes to entering passwords, account info, and other PII, I'll use the keyboard on the laptop itself.

    Even though bluetooth range isn't much, and my neighbors homes should be far enough away, why take the chance.

    Oddly enough DoD views bluetooth keyboard/mouse as more secure than
    regular cordless.
     

    Alphabrew

    Binary male Lesbian
    MDS Supporter
    Jan 27, 2013
    40,749
    Woodbine
    I actually think I could use something like this at my work for some automation.

    The Rubber Ducky and malduino are perfect for automation. Feel free to borrow my Ducky if you want to try it out before you buy one.
     

    whistlersmother

    Peace through strength
    Jan 29, 2013
    8,948
    Fulton, MD
    Nuts. This thread just made me realize I have a vulnerability in my system, and it's the bluetooth keyboard I use.

    I think I may still use it for typing in mundane things, but when it comes to entering passwords, account info, and other PII, I'll use the keyboard on the laptop itself.

    Even though bluetooth range isn't much, and my neighbors homes should be far enough away, why take the chance.

    Bluetooth range no longer matters.

    Blue Sniping increases the range.

    https://www.thesecuritybuddy.com/bluetooth-security/what-is-bluesniping/
     

    babalou

    Ultimate Member
    MDS Supporter
    Aug 12, 2013
    16,019
    Glenelg
    yup

    When conducting Pen Testing of a facility, one of the lowest energy methods to get access is to seed the area with dorked USB Drives. Bathroom, waiting room, coffee shop downstairs, etc. Nothing is 100%, but it is pretty common for an employee to find one and do all the hard work for you.

    happened in Middle East. I use that example. a soldier found one in the parking lot and proceeded to put into a machine on the secure network. Did like 21 million in damages.
     

    rob

    DINO Extraordinaire
    Oct 11, 2010
    3,099
    Augusta, GA
    My primary keyboard is a wired 1990 IBM model M. Made before such silliness as field upgradable (hence alterable) firmware and cordless interfaces.

    Clacks loudly with every keystroke, it makes a unique thunder when I'm going full speed writing documentation. That thing is a tank.
    I actually have about 5 of those that my wife and I use. I even have a brand new, in box, model m from 1990. Mini-din6 to usb is a godsend.

    I love them. You can really feel every keystroke. Plus, If you are at your computer late at night and get attacked by a burglar, you can grab your hefty keyboard, beat him to death with it, turn around, and get right back to work. Blood won't hurt it, and cracking someone's skull wouldn't even scratch it. Maybe a couple of the keycaps would pop off, but that's it. It's really that heavy duty and tough.

    Rob.

    Sent from my SM-G965U using Tapatalk
     

    Alan3413

    Ultimate Member
    Mar 4, 2013
    16,926
    I actually have about 5 of those that my wife and I use. I even have a brand new, in box, model m from 1990. Mini-din6 to usb is a godsend.

    I love them. You can really feel every keystroke. Plus, If you are at your computer late at night and get attacked by a burglar, you can grab your hefty keyboard, beat him to death with it, turn around, and get right back to work. Blood won't hurt it, and cracking someone's skull wouldn't even scratch it. Maybe a couple of the keycaps would pop off, but that's it. It's really that heavy duty and tough.

    Rob.

    Sent from my SM-G965U using Tapatalk

    Hang on to them. A NIB IBM manufacturer (Not Lexmark) model M can easily fetch upward of $200 on eBay. They're built like tanks and will likely outlast me. Wacking the bad guy with the edge of one with definitely send him to the hospital.

    Currently looking for a circa '87 keyboard in decent working condition.
     

    geda

    Active Member
    Dec 24, 2017
    550
    cowcounty
    I do wireless hacking as a hobby. The emissions from the from the IBM keyboards are pretty bad and can be picked up from one room over with $200 in SDR equipment like a hackrf or even maybe with a $20 rtl-sdr. In my case the $5 plastic cased PS2 to USB adapter is completely unshielded and functions as a broadcast antenna. The emissions are enough to make the speakers on the desk crackle. I assume anything typed on that can be picked up from 100+ feet away.
     

    Allen65

    Ultimate Member
    MDS Supporter
    Jun 29, 2013
    7,063
    Anne Arundel County
    I do wireless hacking as a hobby. The emissions from the from the IBM keyboards are pretty bad and can be picked up from one room over with $200 in SDR equipment like a hackrf or even maybe with a $20 rtl-sdr. In my case the $5 plastic cased PS2 to USB adapter is completely unshielded and functions as a broadcast antenna. The emissions are enough to make the speakers on the desk crackle. I assume anything typed on that can be picked up from 100+ feet away.

    I doubt those $5 parts ever underwent FCC Class B Certification testing, which, by law, they should have had before being sold in the US. The filing fees, let alone testing costs, for certification are probably more than the profit from the device's entire production run in Shenzhen. It's a wonder that anything with a low power RF link still works today, with all the noisy stuff emanating in any office or home environment around it. And very, very few consumers are even aware of the issue.
     

    Grampa G

    Ultimate Member
    Jan 11, 2010
    2,451
    Washington Co.
    I think that we must have the same keyboard. I am using one as well and yep you can hear it clicking away from the other end of my home as well.

    I can still remember the nights when my daughter was on the computer typing away on old keyboard and clicking would get louder and faster.

    The Mrs. would ask who made her mad.
     

    Bullfrog

    Ultimate Member
    Oct 8, 2009
    15,158
    Carroll County
    Looks like YouTube links don't work anymore on the new software

    The format changed. Now its a MEDIA tag.

    The good news is, now you can just paste the youtube URL and the software recognizes it, no need to create the YT tags by hand. The bad news is, the old ones are broken until they write a script to find and repair/replace them.

     

    Users who are viewing this thread

    Latest posts

    Forum statistics

    Threads
    274,924
    Messages
    7,259,263
    Members
    33,349
    Latest member
    christian04

    Latest threads

    Top Bottom