Detecting an unknown USB device may be a valid attack indicator for @null1 .
It’s not a question of “what can they steal/copy from sys-usb”, it’s an answer to the question: “are we being cooked?”, in @null1’s threat model.
Right. I hope you do now.
1 Like