←back to thread

Investigating an “evil” RJ45 dongle

(lcamtuf.substack.com)
508 points zdw | 1 comments | 17 Jan 25 20:41 UTC | HN request time: 0.201s | source
Show context
throeurir ◴[17 Jan 25 21:17 UTC] No.42743355[source]
So many wtf here. If anything this proves it is backdoored network card

1) downloading Windows exe files from Chinese forums

2) the USB storage provided by network card can still contain malware,

3) or can be accidentally booted from

4) it has universal USB controller, so can become any HID device: keyboard, mouse...

replies(4): >>42743444 #>>42743593 #>>42745142 #>>42745328 #
1. SpecialistK ◴[18 Jan 25 02:41 UTC] No.42745328[source]
1) China is a country, and in that country people use Windows and make /stuff/ that runs on Windows. A flash tool, which was only intended to be distributed to OEMs, only being found on obscure forums is in line with what I've experienced with similar NAND or BIOS flashers.

2) Any USB storage can contain malware. The driver that this one stores is digitally signed by Microsoft as mentioned in the article.

3) If there was a MBR boot block or EFI file, sure. But there isn't. See 2. And that would still require the user to have Secure Boot disabled and USB as the first boot option.

4) So any device with a universal USB controller is "prove[d] backdoored"?