Thursday, 22 January 2015

Firmware 0.97

Firmware 0.97 is now ready. It will be available within next 1-2 days with upcoming InputStickUtility update. Here is a list of most important changes:

  • Supports both Bluetooth 2.1 and Bluetooth 4.0 modules. InputStick with Bluetooth 4.0 module will be available really soon, more details will be posted a bit later.
  • Pairing PIN can be changed.
  • Pairing PIN can be restored to default value (1234): press NumLock, CapsLock or ScrollLock 15 times during first 30 seconds after plugging InputStick into USB port (Windows only).
  • Fixed bug when mouse interface did not work when InputStick was plugged into USB port before turning on USB host.
  • Added gamepad functionality: 4 axes, 16 buttons.
  • Added USB resume functionality (wake up USB host). USB host must supply power when in suspended state.
  • Text can be typed up to 4 times faster.
  • USB PID and VID can be modified by user.
  • Authentication attempts limited to 1 every second to prevent bruteforce attack.
  • If password protection is not enabled, device will be locked 30 seconds after being plugged into USB port. When locked, it will be not possible to: set password, change PIN or upgrade firmware. Other functions will work normally.

3 comments:

  1. Awesome news! I just love the new features and the bugfix will come in quite handy.

    ReplyDelete
  2. I'm glad the gamepad functionality is here! I also like that text can be typed faster, though it is already screaming fast.

    In fact, is there a way to selectively slow it down? I have a BIOS password that doesn't let me type more than a couple characters per second, which means that password must by typed manually by me instead of via the KeePass2Android compatible app.

    "If password protection is not enabled, device will be locked 30 seconds after being plugged into USB port. When locked, it will be not possible to: set password, change PIN or upgrade firmware. Other functions will work normally."

    What attack scenario is this preventing? I'm not sure if 30 seconds is enough time for my device to connect to a new InputStick and set an encryption password, especially if I decide to make it a complex password. It seems like a big usability reduction for an unlikely attack scenario.

    Of course, I could be reading it wrong or not thinking of some big vulnerability. Either way, could you expand on why you've added this? I'd love to hear more.

    Thanks for continuing to update this great device! I am definitely glad I got one.

    ReplyDelete
    Replies
    1. If you connect within 30 seconds it will remain unlocked as long as you are connected. This is supposed to prevent following scenario: InputStick without password protection is left in USB port, anyone can remotely set password protection and as a result you will be forced to go through "restore defaults" procedure. If InputStick is already password protected then this new feature won't affect its behavior.

      As for slower typing, this shouldn't be a problem, I'll try to add such option in next update of the KP2A plugin.

      Delete