walrus01 | 7 months ago
A) remote desktop software such as anydesk
Or
B) a kvm over IP device providing a virtual video, keyboard and mouse session to a remote user over html5/tls1.3
If it's option (b), unless this laptop farm operator had in their possession some special DPRK-provided unit that identifies its USB manufacturer ID and device ID as something innocuous, this is a problem.
People are not using sufficiently tight endpoint security policies and logging to identify USB devices that identify themselves as KVM-over-IP bridges. Or just permit-listing a certain set of allowed external USB keyboards and mice (company provided).
vel0city | 7 months ago
And it doesn't have to be some special fancy device. Lots of open source KVM platforms out there let you choose whatever device ID appears for your keyboard and mouse. Here's how to make your PiKVM show up as whatever monitor, keyboard, mouse, cdrom, flash drive, whatever you want.
https://docs.pikvm.org/id/
Unless you're not allowing anyone to use any kind of external monitor, and you're not letting anyone use pretty generic and common external keyboards and mice, your endpoint software is going to be pretty useless. Even if you give them a mouse and keyboard, all they have to do is tell the remote attackers "it's a Logitech MK200 keyboard and mouse" and they can make the PiKVM look like an MK200 keyboard and mouse. Same if you try to limit it to only some specific monitor. EDID data can be easily faked; there's no cryptographic validation of USB device IDs or monitor EDID data at all.
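To make the two points above concrete, here is an added example (not code from either commenter or from the PiKVM project) of the permit-list check walrus01 describes, run over constructed kernel-style USB enumeration lines, alongside the gap vel0city points out. The log lines are constructed for this example and only approximate the real Linux dmesg format; the Logitech product IDs on the permit list are placeholders, and the gadget's unspoofed IDs assume the Linux Foundation composite-gadget defaults (1d6b:0104) have not been changed. The device strings ("PiKVM", "Composite KVM Device") are illustrative, not taken from any real device.

```python
"""
Added example: a USB attach-log permit-list checker.

It shows three outcomes on constructed log data:
  * a device whose VID:PID is not on the permit list is blocked,
  * a permit-listed VID:PID that also binds an unexpected interface
    driver (e.g. usb-storage from a KVM's virtual drive) raises an alert,
  * a gadget that copies the VID:PID and strings and exposes only HID
    is indistinguishable from the real keyboard in this log, which is
    exactly the weakness of ID-based allow-listing.
"""
import re
from collections import defaultdict

# Permit list keyed on (idVendor, idProduct). 046d is Logitech's vendor ID;
# the product IDs are placeholders standing in for whatever the company-issued
# keyboard and mouse actually report (assumption, not the MK200's real PIDs).
ALLOWED_IDS = {
    ("046d", "c31c"): "company-issued Logitech keyboard",
    ("046d", "c077"): "company-issued Logitech mouse",
}

# Interface drivers a plain keyboard/mouse is expected to bind. Anything else
# on a permit-listed device (mass storage, CDC ethernet, serial) is suspicious.
EXPECTED_DRIVERS = {"usbhid"}

# Regexes written for the constructed lines below; adjust for real dmesg output.
NEW_DEV = re.compile(
    r"^usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
STRING = re.compile(r"^usb (?P<port>[\d.-]+): (?P<field>Product|Manufacturer): (?P<value>.*)$")
# "<driver> <port>:<config>.<interface>:" is how interface drivers log binds.
DRIVER = re.compile(r"^(?P<driver>[\w-]+) (?P<port>\d[\d.-]*):\d+\.\d+:")

# Constructed sample log (not captured from a real machine).
SAMPLE_LOG = [
    # 1-1: the real company-issued keyboard.
    "usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00",
    "usb 1-1: Manufacturer: Logitech",
    "usb 1-1: Product: USB Keyboard",
    "usbhid 1-1:1.0: USB HID v1.10 Keyboard",
    # 1-2: a KVM-over-IP gadget left on the Linux composite-gadget default IDs.
    "usb 1-2: New USB device found, idVendor=1d6b, idProduct=0104, bcdDevice= 1.00",
    "usb 1-2: Manufacturer: PiKVM",
    "usb 1-2: Product: Composite KVM Device",
    "usbhid 1-2:1.0: USB HID v1.10 Keyboard",
    "usbhid 1-2:1.1: USB HID v1.10 Mouse",
    "usb-storage 1-2:1.2: USB Mass Storage device detected",
    # 1-3: same gadget with IDs and strings copied from the keyboard, but it
    # still exposes its virtual drive.
    "usb 1-3: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00",
    "usb 1-3: Manufacturer: Logitech",
    "usb 1-3: Product: USB Keyboard",
    "usbhid 1-3:1.0: USB HID v1.10 Keyboard",
    "usb-storage 1-3:1.1: USB Mass Storage device detected",
    # 1-4: same gadget, HID only. Nothing in this log separates it from 1-1.
    "usb 1-4: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00",
    "usb 1-4: Manufacturer: Logitech",
    "usb 1-4: Product: USB Keyboard",
    "usbhid 1-4:1.0: USB HID v1.10 Keyboard",
]


def parse_attach_log(lines):
    """Group USB enumeration messages per port into one record per device."""
    devices = defaultdict(lambda: {"vid": None, "pid": None, "product": "",
                                   "manufacturer": "", "drivers": set()})
    for line in lines:
        m = NEW_DEV.match(line)
        if m:
            devices[m["port"]]["vid"] = m["vid"]
            devices[m["port"]]["pid"] = m["pid"]
            continue
        m = STRING.match(line)
        if m:
            devices[m["port"]][m["field"].lower()] = m["value"].strip()
            continue
        m = DRIVER.match(line)
        if m:
            devices[m["port"]]["drivers"].add(m["driver"])
    return dict(devices)


def classify(dev):
    """Return (verdict, reason); verdict is 'allow', 'block' or 'alert'."""
    ids = (dev["vid"], dev["pid"])
    if ids not in ALLOWED_IDS:
        return "block", f"{dev['vid']}:{dev['pid']} is not on the permit list"
    extra = dev["drivers"] - EXPECTED_DRIVERS
    if extra:
        return "alert", f"permit-listed ID but unexpected interfaces bound: {sorted(extra)}"
    return "allow", ALLOWED_IDS[ids]


def check_log(lines):
    """Map each enumerated port to its (verdict, reason)."""
    return {port: classify(dev) for port, dev in parse_attach_log(lines).items()}


if __name__ == "__main__":
    for port, (verdict, reason) in sorted(check_log(SAMPLE_LOG).items()):
        print(f"{port}: {verdict:5} {reason}")
```

Port 1-4 is the takeaway: once the gadget's IDs, strings and interface set match the issued keyboard, a host-side policy based on what the device reports has nothing left to check, because nothing in USB descriptors or EDID is authenticated.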
mittensc | 7 months ago
Change the device ID to the whitelisted ones.
Then use an HDMI-to-USB video capture and grab frames from that on the same Pico.
That's something very easy to do.
Quick cost is 14 EUR: a Pico (7 EUR) plus USB-to-UVC (~7 EUR).