Even a USB coffee-cup warmer ‘can steal your data’
July 3rd, 2010 - 1:41 pm ICT by ANILondon, July 3 (ANI): A USB coffee cup warmer could be a potential thief and steal personal data from your computer, say engineers.
A glitch in how the Universal Serial Bus (USB) works, could make many of the devices attached to your computer, like mouse, keyboard and even the printer, vulnerable to what is called the “hardware trojan”.
Until now, hardware trojans were considered to be modified circuits. For example, if hackers manage to get hold of a microchip when it is still in the factory, they could introduce subtle changes allowing them to crash the device that the chip gets built into.
Computer engineers John Clark, Sylvain Leblanc and Scott Knight at the Royal Military College of Canada in Kingston, Ontario, wondered if a hardware trojan attack could be carried out by other means.
They calculated that the easiest way to introduce a hardware trojan might be via a computer’s USB ports.
The trio found they could exploit a weakness in USB’s plug-and-play functionality.
The USB protocol trusts any device being plugged in to report its identity correctly.
But, for example, if one finds out the make and model of a target user’s keyboard, and swap it with a compromised device that reports the same information - even if it is not a keyboard, the computer won’t realise.
The team designed a USB keyboard containing a circuit that successfully stole data from the hard drive and transmitted it in two ways- by flashing an LED, Morse-code style, and by encoding data as a subtle warbling output from the sound card.
They could have chosen more efficient methods to transmit the data, such as email, but Leblanc said that their main goal was to see if they could steal data without anyone noticing.
“We’ve shown any USB device could contain a hardware trojan,” New Scientist quoted him as saying.
Security software, if it checks USB devices at all, tends to look only for malware on USB memory sticks.
“This work opens many cans of worms. A USB device cannot now be trusted - it may have hidden processing capabilities,” said Vasilios Katos, a computer scientist at the Democritus University of Thrace in Greece.
Leblanc agreed with him, saying: “You could mount a hardware trojan attack with a USB coffee-cup warmer.”
The study has been published in Future Generation Computer Systems. (ANI)
- USB 'fingerprints' can help detect data theft - Feb 17, 2010
- New device to catalyse faster data processing - Dec 23, 2011
- Soon, Twitter and Facebook will be available on your cars! - Apr 10, 2011
- Soon, a 'USB' for medical diagnosis - Nov 30, 2010
- 'Smart' hospital beds could improve patient care - Dec 09, 2010
- Device that turns PC into porn tv on sale in China - Jan 17, 2011
- MTNL, Novatium introduce MTNL nova navigator - Jul 07, 2010
- Coming soon: Energy efficient 'smarter' smartphones, slimmer laptops - Feb 28, 2011
- US attempt to 'assassinate' Osama bin Laden thwarted: Al-Qaeda - Feb 10, 2011
- Now, your vintage typewriters can look modern - Apr 25, 2012
- Vodafone launches mobile wi-fi device - Mar 14, 2011
- Tiny device from IIT-Kanpur can prevent derailment - Nov 14, 2011
- A card for medical emergencies - Jun 09, 2011
- A step closer to faster computing - Oct 27, 2011
- Indian IT experts devise technique to fight deadly bots - May 17, 2012
Tags: bus usb, code style, coffee cup, computer engineers, kingston ontario, leblanc, morse code, mouse keyboard, new scientist, royal military college, royal military college of canada, scott knight, subtle changes, target user, trojan attack, universal serial bus, usb device, usb keyboard, usb ports, usb protocol