Hardware Trojans Have Researchers Second Guessing USB Gadgets
Here's a scary thought - while you sit there firing foam projectiles at co-workers, your USB rocket launcher could be harvesting your personal data and sending it to a snooper. What's worse, your security software would be none the wiser.
This would be an example of a hardware trojan, a threat that up to this point has mostly been thought of as a modified circuit. A hacker might, for example, intercept a microchip while it's still in the factory and code subtle changes into it so that whatever device the chip goes into ends up crashing.
John Clark, Sylvain Leblanc, and Scott Knight, three computer engineers at the Royal Military College of Canada in Kingston, Ontario, set out to prove that a hardware trojan could be delivered by other means, specifically by exploiting a weakness in USB's plug-and-play functionality, New Scientist reports. Because the USB protocol blindly trusts any device being plugged in to honestly report its identity, a hacker would need only to swap a legitimate device for a compromised one that reports the same information.
To show that it was possible, the team assembled a keyboard with malicious circuitry that was able to swipe data from the hard drive and transmit it in one of two ways - by sending out Morse code via LED flashes, and by encoding data as a subtle warbling output from the soundcard. The transmission isn't limited to these two examples, however, and could just as easily have been sent via email, but the team was more interested in seeing if they could steal information on the sly.
"We've shown any USB device could contain a hardware trojan," says Leblanc. "Security software, if it checks USB devices at all, tends to look only for malware on USB memory sticks."
Leblanc went on to say that "you could mount a hardware trojan attack with a USB coffee-cup warmer," so the next time someone asks how you like your coffee, "malware free" might be an appropriate response.
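A host-side view of the trust problem described above, as an added example that is not from the researchers or the original article: the vendor ID, product ID and interface classes are simply bytes the device supplies during enumeration, so the most a host can do is compare them with an allowlist. The VID/PID `1234:5678`, the policy and the descriptor bytes below are constructed for illustration.

```python
import struct

# Descriptor type and class codes from the USB specification.
DT_DEVICE, DT_CONFIG, DT_INTERFACE, DT_ENDPOINT = 0x01, 0x02, 0x04, 0x05
CLASS_NAMES = {0x01: "audio", 0x03: "HID", 0x08: "mass storage", 0xFF: "vendor-specific"}

def parse_device(desc: bytes):
    """Return (idVendor, idProduct) from an 18-byte device descriptor."""
    if len(desc) < 18 or desc[0] != 18 or desc[1] != DT_DEVICE:
        raise ValueError("not a device descriptor")
    return struct.unpack_from("<HH", desc, 8)

def interface_classes(config: bytes):
    """Walk a configuration descriptor blob and collect bInterfaceClass values."""
    classes, off = set(), 0
    while off + 2 <= len(config):
        length, dtype = config[off], config[off + 1]
        if length < 2 or off + length > len(config):
            raise ValueError("malformed descriptor at offset %d" % off)
        if dtype == DT_INTERFACE and length >= 9:
            classes.add(config[off + 5])
        off += length  # endpoint and other descriptors are skipped by length
    return classes

def audit(device: bytes, config: bytes, policy: dict):
    """Compare self-reported identity and interfaces against an allowlist."""
    ident = parse_device(device)
    if ident not in policy:
        return ["unknown device %04x:%04x" % ident]
    extra = interface_classes(config) - policy[ident]
    return ["unexpected %s interface" % CLASS_NAMES.get(c, hex(c)) for c in sorted(extra)]

# --- Constructed sample descriptors (not captured from real hardware) ---
def iface(num, cls, sub=0, proto=0):
    endpoint = bytes([7, DT_ENDPOINT, 0x81 + num, 3, 8, 0, 10])
    return bytes([9, DT_INTERFACE, num, 0, 1, cls, sub, proto, 0]) + endpoint

def config(*ifaces):
    body = b"".join(ifaces)
    return struct.pack("<BBHBBBBB", 9, DT_CONFIG, 9 + len(body), len(ifaces), 1, 0, 0x80, 50) + body

DEVICE = struct.pack("<BBHBBBBHHHBBBB", 18, DT_DEVICE, 0x0200, 0, 0, 0, 64,
                     0x1234, 0x5678, 0x0100, 1, 2, 0, 1)
GENUINE = config(iface(0, 0xFF))                      # the approved gadget
SUSPECT = config(iface(0, 0xFF), iface(1, 0x03, 1, 1))  # same IDs plus a keyboard
POLICY = {(0x1234, 0x5678): {0xFF}}                   # hypothetical allowlist

if __name__ == "__main__":
    print(audit(DEVICE, GENUINE, POLICY))
    print(audit(DEVICE, SUSPECT, POLICY))
```

A device that reports exactly the approved descriptors passes this check, so an allowlist narrows what a gadget may claim to be but cannot prove what its circuitry does.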
Comments
Mark Hanchey
July 06, 2010 at 3:36am
While you could contain malicious code in something like a keyboard controller, you are still bound to the rules for whatever device you identify yourself as to the OS. For example, you can't connect to the OS as a HID (human interface device), then switch to using mass storage device functions. Even with something like HID malware, it could not execute or do things without the user knowing. It could only do functions within its own category. So a keyboard could do things like execute a WIN key, and type Run followed by commands to perform actions, but if the user is at the PC they will see that happening.
Someone could do something malicious like keylog the inputs then wait till 3am to do a Win, run ftp and upload the saved keys to an ftp and most users would not notice it. That would be the most extreme example I could think of.
rseding91
July 05, 2010 at 5:29pm
So it turns out that all those TV shows where the good/bad guy plugs a USB-something into the computer and bypasses all the security could be true!