Any USB Peripheral is a Potential Security Threat

The USB ports on a computer present a security risk. Not only are storage devices able to plug in and interface with the hardware, but also coffee cup warmers, fans, and even mini-vacuums.

A team of computer engineers from Royal Military College of Canada in Kingston, Ontario exploited a weakness in the USB plug-and-play functionality. What the team did was create a fake USB device that reported itself as something that computer already recognized.

For example, if the computer already paired itself with a USB camera, a hacker could spoof the same identity on another device.

As a proof of concept, the team designed a USB keyboard that contained a circuit that stole data from the hard drive and transmitted it by flashing an LED in a morse code-like fashion, as well as through sounds output by the sound card. While such methods are hugely inefficient and likely ineffective, it was just a proof of concept of the vulnerability.

Even though virus scanning software may check USB storage for malware, secretly planted trojans inside USB peripherals will likely be missed.

"We've shown any USB device could contain a hardware trojan," said Sylvain Leblanc, one of the engineers. "You could mount a hardware trojan attack with a USB coffee-cup warmer."

(source: New Scientist.)

Marcus Yam served as Tom's Hardware News Director during 2008-2014. He entered tech media in the late 90s and fondly remembers the days when an overclocked Celeron 300A and Voodoo2 SLI comprised a gaming rig with the ultimate street cred.

Latest

Best Flash Drives 2024: Fast, Roomy, Pocketable USB Storage

Nintendo forces Garry's Mod to delete 20 years of content — Garry confirms Nintendo is behind Steam Workshop purge

Asus ROG Ally gets official AMD Fluid Motion Frames support for universal Frame Gen without custom drivers

See more latest ►

27 Comments Comment from the forums

cmcghee358

I guess my computer can get herpes from the USB stripper pole now? Anyone got a USB condom?
Reply
icemunk

Stupid.
Reply
Never saw the point of USB coffee cup Warmers, my EX-Boss had one though, placed in front of his keyboard, missed one day and ended up drowning his KB!
Reply
azconnie

cmcghee358I guess my computer can get herpes from the USB stripper pole now? Anyone got a USB condom? Dose this count?

http://www.tomsguide.com/us/Ben-Marsh-Gaming-Mario-Tetris-sex,news-7394.html
Reply
misry

Had a client once who actually asked about a "remote" control USB vibrator. Would have been something to brag about if she had looked like almost anyone other than the Granny in Hoodwinked. As it was she was a major reason I got out of retail.
Reply
d0gr0ck

In other news from the Department of Obvious: There's Porn on the Internet!
Reply
wotan31

Everything is a potential security threat when you run a swiss-cheese of an OS, like Windoze.

Reply
LORD_ORION

You're missing the point. Mafia types have all sorts of knock offs that they sell. It wouldn't be a strech for them to sell a fake MS Basic Opical mouse with a hardware trojan embedded. You would never know your system is comprimisd.
Reply
insider3

Great, next thing you know, keyboards come with firewalls and mice have built in anti-virus protection.
Reply
Marco925

I can only imagine what the USB humping dog will bring to my computer O_O
Reply

Show more comments

Stay on the Cutting Edge

Most Popular