Any USB Peripheral is a Potential Security Threat

By Marcus Yam
published

Be careful what you stick it into.

The USB ports on a computer present a security risk. Not only are storage devices able to plug in and interface with the hardware, but also coffee cup warmers, fans, and even mini-vacuums.

A team of computer engineers from Royal Military College of Canada in Kingston, Ontario exploited a weakness in the USB plug-and-play functionality. What the team did was create a fake USB device that reported itself as something that computer already recognized.

For example, if the computer already paired itself with a USB camera, a hacker could spoof the same identity on another device.

As a proof of concept, the team designed a USB keyboard that contained a circuit that stole data from the hard drive and transmitted it by flashing an LED in a morse code-like fashion, as well as through sounds output by the sound card. While such methods are hugely inefficient and likely ineffective, it was just a proof of concept of the vulnerability.

Even though virus scanning software may check USB storage for malware, secretly planted trojans inside USB peripherals will likely be missed.

"We've shown any USB device could contain a hardware trojan," said Sylvain Leblanc, one of the engineers. "You could mount a hardware trojan attack with a USB coffee-cup warmer."

(source: New Scientist (opens in new tab).)

Marcus Yam
Marcus Yam
Marcus Yam served as Tom's Hardware News Director during 2008-2014. He entered tech media in the late 90s and fondly remembers the days when an overclocked Celeron 300A and Voodoo2 SLI comprised a gaming rig with the ultimate street cred.
27 Comments Comment from the forums
  • cmcghee358
    I guess my computer can get herpes from the USB stripper pole now? Anyone got a USB condom?
    Reply
  • icemunk
    Stupid.
    Reply
  • Never saw the point of USB coffee cup Warmers, my EX-Boss had one though, placed in front of his keyboard, missed one day and ended up drowning his KB!
    Reply
  • azconnie
    cmcghee358I guess my computer can get herpes from the USB stripper pole now? Anyone got a USB condom? Dose this count?

    http://www.tomsguide.com/us/Ben-Marsh-Gaming-Mario-Tetris-sex,news-7394.html
    Reply
  • misry
    Had a client once who actually asked about a "remote" control USB vibrator. Would have been something to brag about if she had looked like almost anyone other than the Granny in Hoodwinked. As it was she was a major reason I got out of retail.
    Reply
  • d0gr0ck
    In other news from the Department of Obvious: There's Porn on the Internet!
    Reply
  • wotan31
    Everything is a potential security threat when you run a swiss-cheese of an OS, like Windoze.
    Reply
  • LORD_ORION
    You're missing the point. Mafia types have all sorts of knock offs that they sell. It wouldn't be a strech for them to sell a fake MS Basic Opical mouse with a hardware trojan embedded. You would never know your system is comprimisd.
    Reply
  • insider3
    Great, next thing you know, keyboards come with firewalls and mice have built in anti-virus protection.
    Reply
  • Marco925
    I can only imagine what the USB humping dog will bring to my computer O_O
    Reply