Experts Observe that USB Devices are Potential New Type of Attacks
The Economic Times reported on 31st July, 2014 revealing a recent new research confirming USB (Universal Serial Bus) devices like keyboards, mice and thumb-drives can be employed to hack personal computers which avoid all popular security protections in a new type of attacks.
The Economic Times reported on 31st July, 2014 quoting Karsten Nohl, Chief Scientist with SR Labs of Berlin, as saying "attackers could load malware onto minute low cost computer chips which run functions of USB devices without having any built-in shields against interfering with their code.
Nohl said that it is not possible to know the source of the virus and it is almost like a magic trick.
The research reveals that bugs in software employed to run small electronics components which are not visible to the average user of computer and this can be very dangerous when attackers figure out how to exploit them.
Nohl said that his company has attacked by penning malicious code used onto USB control chips in smartphones and thumb drives. He added that when the USB device is attached to a system, the malware can log keystrokes, spy on communications and demolish data.
The concept behind the research of Lell and Nohl is that the infection can travel both from USB to computer and vice versa. Whenever a USB device is plugged into a computer, its firmware could be reprogrammed by malware into that computer without being detected by the owner of the USB device. Similarly, any USB device could infect a computer of the user. Nohl says that it goes both ways and nobody can trust anybody.
The rsearchers created a malware namely BadUSB which can spread from USB to PC and back without being detected raises questions about possibility of usage of USB devices securely at all.
Wired.com published news on 31st July, 2014 quoting Matt Blaze, Computer Science Professor with University of Pennsylvania, as saying "We all know that if you give me access to your USB port, I can do bad things to your computer. Hence it demonstrates that it is also possible to go other way round which suggests that threat of infected USB devices is a very grave practical problem.
» SPAMfighter News - 08-08-2014