posted on Dec, 13 2009 @ 06:48 PM
reply to post by fumanchu
That's not entirely
If someone had access to your computer via, say, SSH or telnet, it would be possible to scan the PCI bus and get
a list of the vendor/device IDs of every device attached via PCI. It's also possible to do the same for devices attached via USB. Once you have the
list of vendor/device IDs, it's just a simple matter of searching the internet for the drivers that have the same vendor/device IDs. If you already
have access to the machine, copying a file across (or starting the download remotely) is trivial. Once the file is on the target computer, simply
installing the driver is all that's required to get the hardware functioning. Of course, the UI of most OSs will report that a new piece of hardware
has started to work, so the user will most likely notice. Of course, after the driver is installed, some malicious software would have to be
installed to take advantage of it.
But all of this is pointless, as the attacker would first need a method of getting in to your computer, which a decent firewall will stop. Of course,
if you are tricked into running a trojan horse, you're beyond help, as you've essentially given the attacker all they need to compromise your box.