[michaelt]

You can get a 'USB rubber ducky' [1] which emulates both a USB memory stick and a USB keyboard, allowing you to script keystrokes for the keyboard [2]

So it can do anything a newly plugged in keyboard can do. Which, if the user is already logged in, makes grabbing the user's files easy.

[1] https://shop.hak5.org/collections/usb-rubber-ducky/products/... [2] https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads

[daffy]

This will only work, I suppose, if the attacker knows beforehand a keychord that will focus a terminal.

[DarkWiiPlayer]

on most desktop linux distros: <windows>terminal<enter> is enough

[jonathanstrange]

Hehehe...on my machine that selects "Emacs (Terminal)". Good luck with those key combos...