USB devices can be hacked maliciously



USB hackers SR Labs

USB devices are ubiquitous: keyboards, mice, headsets and pocket drives and now they have become a potential security threat.

Karsten Nohl, the chief scientist at SR Labs in Germany, has released a report that says malicious software from bad guy hackers can be loaded on to the microcircuitry of USB devices and use to control them. And, to add insult to injury, the little suckers do not have any built-in security to avoid this kind of attack on their internal coding.

Related: Aircraft can be hacked in flight says researcher

Apparently, this doorway through these tiny devices exists because there are, as is usual, bugs in the existing hardware. Usually, these bugs are invisible and unnoticed by users but they are potentially harmful flaws that can result in everything from keystroke software being installed on your connected computers, spyware, or even data destruction.

Nohl isn't just crying wolf. He was responsible for a presentation last year at the Black Hat Conference that highlighted methods that the NSA was using for surveillance.

According to Reuters:

In his tests, Nohl said he was able to gain remote access to a computer by having the USB instruct the computer to download a malicious program with instructions that the PC believed were coming from a keyboard. He was also able to change what are known as DNS network settings on a computer, essentially instructing the machine to route Internet traffic through malicious servers.

Once a computer is infected, it could be programmed to infect all USB devices that are subsequently attached to it, which would then corrupt machines that they contact.

Related: Why there is no such thing as security

"Now all of your USB devices are infected. It becomes self-propagating and extremely persistent," Nohl said. "You can never remove it."

Nohl tested his findings on controller chips made Phison Electronics out of Taiwan, but a company spokesperson refused to acknowledge the veracity of the findings claiming lack of evidences on Nohl's part in his findings. 

Well, that's one more thing to worry about. 



Joe Jejune

I am a gadget freak and love everything about technology. In my day job I work at a startup and help build applications for the healthcare industry. 


More

Health and fitness devices and apps raise some serious questions

There are some serious questions about the emerging world of health and fitness devices and apps.

Windows 10: How'd We Get Here? Why You'll Love It

Microsoft is listening again and this product addresses virtually all of the pain points I’m aware of in Windows 8.

Police and government confused and frightened by encryption

Police, the FBI and others in the government express concerns about Apple’s and Google’s implementation of encryption.