[elric]

I've seen banks disable USB ports by means of hot glue.

Hardware attacks are super hard to defend against. Depending on your threat model, drastic measures might be warranted. Anything with a USB plug can be a keyboard with an attack payload (e.g. Rubber Ducky). And if you think you can whitelist devices based on USB class or some identifier, you're wrong as they can be spoofed. Heck, there are "USB C cables" that are really attack payload delivery systems (e.g. O.MG Cable).

It's a scary world out there. Stay safe.

[transpute]

Banks could ask known-good keyboard vendors to implement PKI auth. Intel has a spec for PCIe device authentication, based on USB-C authentication, https://www.intel.com/content/dam/www/public/us/en/documents...

[tiberious726]

Like this: https://www.cherryamericas.com/secure-board-1-0

[transpute]

Fantastic, thanks for the pointer!

[elric]

I hadn't heard of either PCIe auth or USB-C auth. Thanks for sending me down that rabbit hole!