by lidHanteyk 2232 days ago
What they're trying to get across is that this is not a Bad USB [0] attack, but an Evil Maid [1] attack. In either case, the attacker does not need to rush. To commit a Bad USB attack, the attacker deputizes you and uses your confusion [2] to get you to insert a dangerous peripheral device, on your own time. In an Evil Maid attack, the attacker patiently waits until you trust (read as: "are vulnerable to") their physical presence, and then inserts a dangerous peripheral device.

To use your analogy, in the former case, the murderer poisoned your food at the grocer's, and you unwittingly dose yourself when you make your meal. In the latter case, the murderer spends time getting to know you and letting you trust them, and then one day, when you go to the bathroom, they come in and shoot you like Vincent Vega.

[0] https://en.wikipedia.org/wiki/USB_flash_drive#BadUSB

[1] https://en.wikipedia.org/wiki/Evil_maid_attack

[2] http://www.cap-lore.com/CapTheory/ConfusedDeputy.html