USB ports are leaky – snooping is easy because of a common connection

Snooping is an illegal access to someone‘s data, stored in a computer. It does not have to be high-tech – sometimes snooping encompasses only sneakily looking at someone else‘s screen in the library. Now scientists from the University of Adelaide determined that one computer component makes snooping exceptionally easy – it is USB connections.

USB is the most common connection, but it is far from safe. Image credit: Ed g2s via Wikimedia (CC BY-SA 3.0)

USB is the most common type of connection that everyone uses. It is typically considered to be safe, because information is only sent along the direct communication path to the computer. However, now scientists say that some faulty devices or ones that have been tempered with can in fact damage data, stored in the hard drive. For example, key stroke information can be easily stolen and afterwards people can get your passwords, access your email or, combined with some other efforts, can even steal your banking information. Scientists took a look at more than 50 different computers and external USB hubs and found that over 90% of them leaked information to an external USB device.

Imagine a water pipe that leaks just a little bit. Not too much for you to notice that water pressure is dropping, but just enough to fill a small area with water. That is basically what scientists noticed in USB devices – while it should be transferring only dedicated data, it appears to be leaking something else. This could easily be exploited by hackers. In fact, you can read information travelling through one USB connection using an adjacent USB ports. Scientists tried this concept out by a modified cheap novelty plug-in lamp with a USB connector to “read” every key stroke from the adjacent keyboard USB interface. Modified lamp had a Bluetooth module to send recorded data to another computer. Needless to say, it worked as expected, even though keyboard and the lamp were not directly connected.

You think, you are still safe, because no one has access to your personal computer? Well, that is true, but many people use computers in libraries and a few surviving internet café’s. Furthermore, another research has found that people take USB flash drives from the floor and plug them into their computers. That would be an easy technique to access someone’s data without targeting anyone specifically. Dr Yuval Yarom, leader of the project, said: “The main take-home message is that people should not connect anything to USB unless they can fully trust it,” says Dr Yarom. “For users it usually means not to connect to other people’s devices. For organisations that require more security, the whole supply chain should be validated to ensure that the devices are secure”.

Of course, redesigning USB ports to be safer is a long-term solution. Identifying a problem should help with that. Tempered USB devices can send your data via Bluetooth or even SMS, so do not plug in anything suspicious to your computer.


Source: University of Adelaide

Comment this news or article