| ▲ | Findecanor 5 hours ago | |||||||||||||||||||||||||||||||||||||
A few years ago, plugging in a Razer USB mouse made Windows download and run a installer from which the current user could start PowerShell with administrator privileges. Razer first tried to downplay the issue, but fixed it later. [1] The USB protocol does not have any authentication, just a VendorID/ProductID pair: 2×16 bits that Windows uses for looking up the driver package to install. Programming a MCU to use any VendorID/ProductID is straightforward. A USB device could even appear innocuous at first but after a timer or external trigger disconnect and reconnect masquerading as another device. 1. https://arstechnica.com/information-technology/2021/08/need-... | ||||||||||||||||||||||||||||||||||||||
| ▲ | globalnode 3 hours ago | parent [-] | |||||||||||||||||||||||||||||||||||||
not a usb programmer, but are you saying i can buy any old usb chip and program it with any vendors ID and spoof windows into giving me admin? if so, gj micrcosoft. | ||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||