
Rittal sends USB sticks that act as keyboards – as advertisement

Holger Köpke received an unsolicited USB stick in the mail (article in German), supposedly from data center equipment maker Rittal. Of course he did not plug it into a device; it could be anything.

He then set up a test VM on a scratch device (described in his first comment on the same article) and inserted the USB stick there. The stick identified itself not as USB memory but as a USB HID, a keyboard. It seems he was right not to trust it. He sent a mail to Rittal explaining why he thinks this is dangerous and asking whether this is indeed legit.
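The difference between "USB memory" and "USB HID, a keyboard" is visible in the interface descriptors a device presents when it enumerates. The following is an added example, not part of the original post: it reads the Linux sysfs attributes `bInterfaceClass`, `bInterfaceSubClass` and `bInterfaceProtocol` and reports what each device claims to be. The sample tree it runs on is constructed data, and Linux sysfs as the inspection point is an assumption.

```python
import os
import tempfile

HID, MASS_STORAGE = 0x03, 0x08   # USB-IF base class codes

def read_hex(path):
    with open(path) as f:
        return int(f.read().strip(), 16)

def classify(sysfs_root="/sys/bus/usb/devices"):
    """Map each USB device name to the sorted roles its interfaces claim."""
    roles = {}
    for entry in sorted(os.listdir(sysfs_root)):
        if ":" not in entry:          # device node, not an interface node
            continue
        iface = os.path.join(sysfs_root, entry)
        try:
            cls = read_hex(os.path.join(iface, "bInterfaceClass"))
            sub = read_hex(os.path.join(iface, "bInterfaceSubClass"))
            proto = read_hex(os.path.join(iface, "bInterfaceProtocol"))
        except (OSError, ValueError):
            continue
        if cls == HID:
            # Subclass 1 / protocol 1 is a boot keyboard. A non-boot HID can
            # still be a keyboard, so "hid-other" is not a clean bill of health.
            role = "hid-boot-keyboard" if (sub, proto) == (1, 1) else "hid-other"
        elif cls == MASS_STORAGE:
            role = "mass-storage"
        else:
            role = "class-0x%02x" % cls
        roles.setdefault(entry.split(":")[0], set()).add(role)
    return {dev: sorted(r) for dev, r in roles.items()}

def build_sample_tree(root):
    """Constructed sample data: a real flash drive and a keyboard-only 'stick'."""
    sample = {"1-1:1.0": ("08", "06", "50"),   # mass storage, SCSI, bulk-only
              "1-2:1.0": ("03", "01", "01")}   # HID, boot subclass, keyboard
    for name, triple in sample.items():
        os.makedirs(os.path.join(root, name))
        fields = ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol")
        for fname, val in zip(fields, triple):
            with open(os.path.join(root, name, fname), "w") as f:
                f.write(val + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for dev, found in classify(tmp).items():
            print(dev, found)
```

A device sold as a memory stick that reports only a HID interface and no mass-storage interface is the mismatch described above.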

Gets a response (another article in German), a letter as a PDF sent by email.

Dear Mr Köpke,

first off thanks for your mail, which we are taking very seriously. We confirm that the letter in question is indeed a legit Rittal ad action. When choosing the contractor producing it we took great care to select a specialist for that. The contractor confirms that the sticks produced do not contain malware. We also checked that again, internally.

To leave the user a choice of using the stick or following the link manually, it is also printed on the mailing.

Again, thanks for the heads-up. If you have more questions we are of course available.

Regards…

There is so much to learn from all of this.


One Comment

  1. Dirk Haun

    I got something like that as a welcome “gift” from my new health insurance two years ago: http://hirnableiter.tinycities.de/article.php/krankenkasse-webkey-hack (in German)

    The letter I got in response to my complaint sounded pretty much like the one quoted above.

    The amount of stupidity behind such a decision is mind-boggling. The waste aspect (producing a piece of electronics just for the single purpose of opening a website), the security implications, the possible negative backlash (which didn’t happen back then and probably won’t happen now). And to think that this happened at a large institution, i.e. it must have been approved by several levels of management and nobody intervened …
