USB devices are ubiquitous: keyboards, mice, headsets and pocket drives and now they have become a potential security threat.
Karsten Nohl, the chief scientist at SR Labs in Germany, has released a report that says malicious software from bad guy hackers can be loaded on to the microcircuitry of USB devices and use to control them. And, to add insult to injury, the little suckers do not have any built-in security to avoid this kind of attack on their internal coding.
Apparently, this doorway through these tiny devices exists because there are, as is usual, bugs in the existing hardware. Usually, these bugs are invisible and unnoticed by users but they are potentially harmful flaws that can result in everything from keystroke software being installed on your connected computers, spyware, or even data destruction.
Nohl isn’t just crying wolf. He was responsible for a presentation last year at the Black Hat Conference that highlighted methods that the NSA was using for surveillance.
In his tests, Nohl said he was able to gain remote access to a computer by having the USB instruct the computer to download a malicious program with instructions that the PC believed were coming from a keyboard. He was also able to change what are known as DNS network settings on a computer, essentially instructing the machine to route Internet traffic through malicious servers.
Once a computer is infected, it could be programmed to infect all USB devices that are subsequently attached to it, which would then corrupt machines that they contact.
“Now all of your USB devices are infected. It becomes self-propagating and extremely persistent,” Nohl said. “You can never remove it.”
Nohl tested his findings on controller chips made Phison Electronics out of Taiwan, but a company spokesperson refused to acknowledge the veracity of the findings claiming lack of evidences on Nohl’s part in his findings.
Well, that’s one more thing to worry about.