Any USB Peripheral Is Now a Potential Threat
A group of Canadian hackers have identified and learned to exploit a flaw that allows them to turn any USB peripheral into a sort of hardware trojan horse. Plug-and-play USB devices follow a consistent rule, the device identifies itself to the PC. The computer, by rule, will believe that a UB device is whatever it claims to be; if a keyboard says it's a camera, the PC will register it as a camera.
This trust-by-default design makes it easy for a modified peripheral to collect or transmit data without raising any alarms. As a proof of concept, the Royal Military College of Canada's John Clark, Sylvain Leblanc and Scott Knight modified the circuitry of a keyboard, empowering it to steal data from the host hard drive and then transmit it via Morse code (using a blinking LED).
It'd be just as simple to equip these rogue USB devices with other methods of transmitting data, such as e-mail or FTP, but the researchers' primary concern was simply to show that it is possible to slip a hardware trojan past a computer's defenses. Hackers and spies could easily swap out a keyboard with a modified one, and no one, not even the PC, would be any wiser. The trojan peripheral could come in any form, including a webcam or even one of those USB coffee-cup warmers. [From: Gizmodo and Download Squad]