Vulnerable USB devices
This research has been carried out by the scientists at the University of Adelaide in Australia. According to the project leader, Yuval Yarom: “Electricity flows like water along the pipes.” “In our project, we showed that the voltage fluctuations of the USB port data lines can be monitored from the adjacent ports on the USB hub,” he adds. This scenario implies that an attacker can use a maliciously configured USB device, inserted in a nearby port and with which it will be able to subtract information. This is done through the electrical signals transmitted by the USB itself. The researchers say that an attacker could collect this data and use an Internet connection to send it to their own server. Anything that goes unencrypted through the ports of adjacent USB devices can be collected very easily.
Practical test
They did a practical test to prove that their theory is possible. For this, they used a small lamp that connects by USB. They modified their connector in such a way that it was able to record each press on an adjacent keyboard also connected by USB. All this data that the lamp collected was sent to a computer via Bluetooth. They add that it is not at all difficult to attack users in this way. They assure that a great percentage of users connects USB ports of random form without knowing really its origin. For example at work. Simply plug in a USB stick to print a document. We can not assure that this is not modified in any way with which to collect data of another device that we have connected. “The first message we can give to normal users is that they should never connect anything to a USB port unless they can fully rely on it,” said one of the researchers. The full investigation, which has not yet been filed, will be made public next week at the USENIX Security Symposium in Canada.
Security is more important
At other times we have seen how important it is to keep our equipment updated and with security programs. This helps us to avoid potential functionality issues and ensure that we can work properly with our team. Moreover, in this article, we have seen that how an attacker or a hacker could easily attack us just by using a USB that we do not know its origin can put our privacy at risk. So, what do you think about this security flaw? Simply share your views and thoughts in the comment section below.
Δ