Shmoocon #4

Watched this one. Well, the presentation section. They were in the Q&A at least, maybe.

I have the vaguest understanding of what he had done, and was trying to do, with regards to taking control of systems with a rogue keyboard.

Fascinating stuff to be sure, but I keep having this thing pop through my head about likelihood.

Yeah, you can do this stuff, but what’s the LOE, and what’s the probability somebody actually would do it?

When you have physical proximity to a system, can you do it within the access window?

I guess I really considered likelihood when I was younger.

I guess I did some when doing hardware integration, but for something like what was covered in the session, none of this is at all likely to happen.

As I’ve written before, cars and cooking are too-often captured metaphors, but it’s the first thing that came to mind; I’m sure you could manufacture a tire with a bulletproof sidewall, But why would you? It’s going to be heavy, and more expensive than most people whold be willing to pay for a tire.

Coming back to the keyboard, what are the chances someone would be in proximity to your PC or phone long enough to get in?

The vendors are rolling out patches that eliminate the vulnerability the speaker used. It’s a very simple fix. To a problem most people will never experience. That doesn’t mean it shouldn’t be fixed, of course, but why lose sleep over it??