0.1.13 I/O β keyboard, mouse, USB, monitor
In one line: the I/O is everything that crosses the line between the human world and the silicon β and that line is exactly where most attacks come in.
A story β Doug Engelbartβs βmother of all demosβ
On December 9, 1968, in front of a thousand engineers in San Francisco, Doug Engelbart sat down at a wooden box heβd built and gave the most important software demo in history.
In ninety minutes he showed: the mouse (a wooden block with two perpendicular wheels), real-time video conferencing, collaborative document editing, hyperlinks, windowed displays, and dynamic outlining. Half the audience walked out thinking theyβd seen science fiction. The other half went on to build everything that would become Apple and Microsoft.
The mouse alone β patented 1970, popularised by Apple in 1984 β completely changed how humans relate to computers. Before Engelbart, you talked to a computer by typing a command. After Engelbart, you pointed. Every UI youβve ever used is downstream of that 1968 demo.
Whatβs actually going on
I/O (Input/Output) is the boundary between the computerβs electrical insides and the messy outside world. Inputs:
- Keyboard β a matrix of switches; each keypress sends a scan code to the OS via USB or PS/2.
- Mouse / trackpad β sends X/Y delta + button state several hundred times a second.
- Microphone, camera β analog β digital β USB.
- Network port β Ethernet, Wi-Fi, Bluetooth, cellular.
- Storage devices β USB drives, SD cards.
Outputs:
- Monitor β pixel data over HDMI / DisplayPort / Thunderbolt.
- Speakers / headphones β analog audio over jack, or digital over USB / Bluetooth.
- Printer β USB or network.
Most modern peripherals speak USB, the universal hardware/software protocol. USB lets the host PC enumerate devices, install drivers automatically, and share power. USB-C added the ability to do display output, charging, and Thunderbolt-grade data over the same connector.
Why a hacker cares
I/O is the fattest attack surface on the box:
- BadUSB / RubberDucky β a USB stick that pretends to be a keyboard. When plugged in, it instantly types out hundreds of commands (βopen PowerShell, download payload, run, hideβ). Your antivirus doesnβt see it because itβs just keyboard input. Defence: donβt plug in random USB sticks. (Yes, people still do.)
- Malicious cables β USB cables with hidden chips inside that exfiltrate data, or do BadUSB. The βOMG Cableβ looks identical to a normal Lightning cable.
- Juice jacking β public USB charging ports that try to pair as a host and steal data from your phone.
- Keyboards / keystroke logging β wireless keyboard signals can be sniffed (older Logitech receivers were notorious). Hardware keyloggers plug between keyboard and PC.
- Display side channels β TEMPEST attacks read screen content from the electromagnetic emanations of a monitor across a room.
- DMA attacks via Thunderbolt / FireWire β see lesson 0.1.10. A βchargerβ plugged into a Thunderbolt port can read RAM directly.
- Camera / mic hijacking β RATs that quietly enable webcam without the indicator LED. Tape over the camera; physical mic switches on privacy-focused laptops.
For defenders, endpoint USB control (block all USB except specific allow-listed device IDs) is a common enterprise control. Air-gapped systems often have USB ports physically epoxy-filled.
In one sketch
outside world inside the box
ββββββββββββββββββββββββ βββββββββββββββββββββββββ
keyboard, mouse, mic βUSBββ kernel input subsystem
USB drive, BadUSB βUSBββ filesystem driver / device
network packets βEthββ NIC β TCP/IP stack
monitor βHDMIββ GPU framebuffer
speakers βjackββ audio chip
webcam βUSBββ video driver
ββββββββββββββββββββββββ βββββββββββββββββββββββββ
β attack surface
Reference and image credit
- USB_Type-C.jpg β Flanoz, CC0.
Memory peg
I/O = the doorways. Most attacks walk in through them. βDonβt plug it in if you canβt trust itβ is half of endpoint security.