On Mon, Aug 4, 2014 at 5:45 AM, Tobias Gogolin <usertogo@gmail.com> wrote:

> How serious is this? Could it be used to achieve some cool and unusual
> functionality at unexpected places?

This is not new, not a bug, and is fundamental to the design of USB.
The security risk comes in the trust model implemented by the
operating system.  Because plugging a USB device into a machine
implies physical access, and all systems can be compromised with
physical access, most operating systems have implied trust in USB
devices.

The solution is to implement a proper trust model for USB devices in
your operating system.  This would include the BIOS for devices
accessible through it at boot time.

-p.
--=20
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
.