Research Finds That All USB Devices Can Be Used For Data Theft
Can your USB keyboard and mouse be trusted? Can anything that you plug
into your USB port be trusted? In a word, no. It's something we all
should have known by now, but the truth is finally coming out thanks to
some new research on the matter. Security experts have known forever
that USB flash drives and hard drives could contain malware and other
viruses, but now we're learning that even strange USB peripherals such
as coffee cup warmers and reading lights could also transmit harmful
data.
Basically, the new research confirms that modified USB devices could be swapped without the knowledge of the end-user, and that modified device could be coded to steal data or otherwise compromise a computer. If you have a specific model of keyboard, for example, and a hacker replaces that with a hacked keyboard of the same model, your PC wouldn't immediately know the difference. This would allow the hacked keyboard to issue compromising commands to the host computer in order to accomplish data theft or implement other exploits.
As many experts have noted, this research opens up a new can of worms. Will this mean that all USB devices used by major companies will now need some other sort of protection? When think about how easy it is to swap a USB mouse or keyboard (among other things), you quickly realize just how easy it would be to compromise almost anything. Yikes.
Basically, the new research confirms that modified USB devices could be swapped without the knowledge of the end-user, and that modified device could be coded to steal data or otherwise compromise a computer. If you have a specific model of keyboard, for example, and a hacker replaces that with a hacked keyboard of the same model, your PC wouldn't immediately know the difference. This would allow the hacked keyboard to issue compromising commands to the host computer in order to accomplish data theft or implement other exploits.
As many experts have noted, this research opens up a new can of worms. Will this mean that all USB devices used by major companies will now need some other sort of protection? When think about how easy it is to swap a USB mouse or keyboard (among other things), you quickly realize just how easy it would be to compromise almost anything. Yikes.
