The Israel-based duo pried apart and compromised KVMs (keyboard video mouse) units such that they could download malware and compromise attached computers.

The attack, demonstrated at the Chaos Communications Congress in Hamburg last month is notable because KVMs are used to control multiple machines. A compromised unit would not be immediately suspicious to most admins and could compromise all computers that attach to it, using those with internet links to stay updated and exfiltrate data.

The KVM would download malware from an internet-connected machine and pass it into the unit’s memory.

Source: Checkpoint chap’s hack whacks air-gaps flat