I just after watching a TV programme on cyber security that mentioned just how easy a hacker was able to run code on peoples computers - USB sticks.
A researcher placed an executable file on 100 sticks titled 'CV' with a Word document icon. These sticks were randomly placed to simulate people accidentally dropping them or leaving them behind such as on benches, cafÃ© tables and so on. The executable file did nothing more than ping a server.
Before all the sticks were fully distributed, their server already started receiving pings. So that executable could have been anything a hacker wanted to run such as ransomware, screen capture, keylogger, etc. Of the 100 that were distributed, they received pings from 34 of them, which included university and corporate networks and private individuals.
It also shows that hackers don't need special USB sticks that send keystrokes, etc. - Just ordinary USB sticks with an executable file disguised with an innocent looking file name such as 'CV'.