diff --git a/README.md b/README.md
index 457fe0e..42fba56 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,9 @@ space, user space, core dumps, and swap space.
 
 - Randomize the addresses (ASLR) for mmap base, stack, VDSO pages, and heap.
 
+- Provide the option to disable the use of legacy TIOCSTI operation which can be
+  used to inject keypresses.
+
 - Disable asynchronous I/O as `io_uring` has been the source
   of numerous kernel exploits (when using Linux kernel version >= 6.6).
 
diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf
index e795339..ef550e4 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@@ -129,6 +129,13 @@ kernel.perf_event_paranoid=3
 ##
 kernel.randomize_va_space=2
 
+## Disable use of the legacy TIOCSTI operation which can be used to inject keypresses.
+## Will break screen readers as can no longer push characters into a controlling TTY.
+##
+## This is disabled by default when using Linux kernel >= 6.2.
+##
+#dev.tty.legacy_tiocsti=0
+
 ## Disable asynchronous I/O for all processes.
 ## Leading cause of numerous kernel exploits.
 ## Disabling will reduce the read/write performance of storage devices.