Scripps Employees Called 'Hackers' For Exposing Massive Security Flaw
Suspected PayPal Hackers Seek Deal To Stay Out Of Prison
Any USB Peripheral Is Now a Potential Threat
A group of Canadian hackers have identified and learned to exploit a flaw that allows them to turn any USB peripheral into a sort of hardware trojan horse. Plug-and-play USB devices follow a consistent rule, the device identifies itself to the PC. The computer, by rule, will believe that a UB device is whatever it claims to be; if a keyboard says it's a camera, the PC will register it as a camera.
This trust-by-default design makes it easy for a modified peripheral to collect or transmit data without raising any alarms. As a proof of concept, the Royal Military College of Canada's John Clark, Sylvain Leblanc and Scott Knight modified the circuitry of a keyboard, empowering it to steal data from the host hard drive and then transmit it via Morse code (using a blinking LED).
It'd be just as simple to equip these rogue USB devices with other methods of transmitting data, such as e-mail or FTP, but the researchers' primary concern was simply to show that it is possible to slip a hardware trojan past a computer's defenses. Hackers and spies could easily swap out a keyboard with a modified one, and no one, not even the PC, would be any wiser. The trojan peripheral could come in any form, including a webcam or even one of those USB coffee-cup warmers. [From: Gizmodo and Download Squad]
Charlie Sheen Gets Back To His Roots
The List #0147: Escape a Car Underwater
WHOOPS! Obama Makes Big Gaffe
Visit the Maldive Islands Before It's Too Late
Okla. Sheriff's Deputy Finds Dog Guarding Body Buried Under Destroyed Home
Candid Portraits Of Strippers After Hours
Reptiles Make Home in UK Man's Cable Box
Springtime Budget-Busters -- Savings Experiment
Mariah Carey Curses And Busts Out Of Dress On Live TV
H&M's Plus-Size Model Jennie Runk Says She Chose To Gain Weight
Is This Woman Too Pretty To Work?
That's An Interesting Look, Madge
Mariah Carey Suffers Wardrobe Malfunction on Good Morning America
The Story Behind Hairspray
Jury Foreman: '18 Days Of Testimony Hurt' Jodi Arias
Distraught Mom Becomes Face of Oklahoma Storm
AMAZING PHOTO: UFO Spotted Over San Diego
What It's Like To Talk To A 2-Year-Old
16 Pasta Dishes Worse Than Yours
Killed Soldier In London Attack Identified
Best Friends Reportedly Die Holding Each Other In Tornado
Rapper Accused Of Faking His Own Death To Escape Payments
Danny Tanner Is Fighting With Topanga
New Trayvon Martin Evidence Features Incriminating Photos, Texts From Teen
Luke Wilson Caught Staring At Fan's Chest
Teenager's 'Awww'-Inspiring Drawing Wins Big At Google
LISTEN: Terror Inside Elementary School As Tornado Hits
Pope Francis Says All Who Do Good Are Redeemed - Atheists Included
WATCH: Police Force Shows Up To Support 5-Year-Old Who Lost Her Dad
Surgeons Remove Giant Hairball From Tiger
Jodi Arias Jury DEADLOCKED
LOOK: Photoshop Mistake Is Seriously Cringeworthy
Comments
2
Subscribe to commentsbestplaceJul 4th 2010 2:34PM
Wow! I work in the immigration industry and my client data is extremely confidential! I have enough trouble with the fact that the Patriot Act allows he US government to snoop on any data that is stored on a US-based site. Now, however, it seems that the physical security of my computer systems is vital. All anyone has to do is replace your mouse or keyboard with what could be called a "stealth devce" and they can access whatever data they want.
DigiJul 5th 2010 5:31AM
If someone has physical access to your machine they can do anything. The threat with this is that it can be an ongoing threat. But this is already known and shown in concept over at thinkgeek.com . They have a USB Drive that manipulated your keyboard. Im sure you can also get keyloggers off ebay.