Comment by mrob
1 day ago
You can also spoof a keyboard and simulate keystrokes to open terminals and run arbitrary commands. I don't know about Windows, but on Linux it's possible to block USB connections by default and filter them in userspace:
This allows enforcing rules like "never add an additional keyboard". But the USB protocol has no support for strong device authentication, so there's no way to prevent a device from acting like a malicious version of something in the device class you expected it to be without abandoning "plug and play" altogether (a reasonable solution in secure environments where unused ports are often physically blocked).
You can also spoof a keyboard and simulate keystrokes to open terminals and run arbitrary commands
This is what any decent barcode reader does, by the way; and before USB, they would be inline taps that pass through a regular PS/2 keyboard.