controller icon indicating copy to clipboard operation
controller copied to clipboard
verified publisher icon kiibohd

Enabling debug console by default poses a security risk

Open ntietz opened this issue 9 years ago • 1 comments

Currently, the debug console is enabled by default. On OS X, this means that any user of the system (which is, by definition, a multi-user system) is able to read any key that is pressed on the keyboard.

This is enabled by default for both custom-built firmware and for firmware downloaded from the configurator tool. This is a dangerous default, and not behavior that users would expect.

I suggest disabling this by default, and allowing users to enable it if they need that functionality (as most users will likely not). I will be submitting a pull request with this fix shortly.

ntietz avatar Oct 12 '16 02:10 ntietz

I'm still tracking this. The more I've thought about this...the more I agree with it. Still not quite ready yet, but I will once HID-IO is ready.

haata avatar Oct 03 '17 07:10 haata