Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There's a reason why you have to add printer drivers to shared printers... Windows will install those automatically. The same mechanism can work for a USB device but I forget the details (it's been a long time). I remember reading about it when that signed driver from HP had a serious privilege escalation vulnerability back in the day (it let you gain "Trusted" level access which was higher than "Administrator" which basically meant re-imaging was the only option to correct such a compromise).

Also, if you configure your USB device to emulate certain other devices those drivers will also be installed automatically via Windows Update. Such drivers may have vulnerabilities or just flat out provide all sorts of privileged access to the system. It's not that complicated, actually... Just change the USB device manufacturer/ID and let Windows compromise itself.



If the bar is loading a vulnerable driver, Linux has a lot of drivers for uncommon devices in-tree. Sure, they are open and largely not written by hardware manufacturers, but I bet some of them are vulnerable to malicious hardware.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: