Hacker News new | past | comments | ask | show | jobs | submit login

This might be a dumb question but wouldn't one solution to the HID-based attack be for the OS to ask the user for permission to allow the new keyboard? As in "New Keyboard Detected: Allow? Y/N" That wouldn't protect against driver 0 days but hey, one step at a time.

Do any OSes have an option to ask the user if connection is ok before allowing it?




What if it's the first HID you connect? How do you confirm?


Whitelist if present at logon and confirm if inserted later ?


I don't know about OSes, but some security solutions do exactly that.


Tails does something like this!




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: