Header Ads

USB Port Channel To-Channel Crosstalk Vulnerabiltiy

Malicious USB devices can collect and steal data from neighboring USB ports


At the USENIX Security Symposium, experts from the Australian State University of Adelaide are preparing to present a report according to which electrical signals emitting from USB ports can be used to steal data.
Researchers explain that the phenomenon is known as channel-to-channel crosstalk leakage, which extends to USB devices connected to neighboring ports of one PC or hub.
"Electricity flows like water in pipes and there are also" leaks "here. Our project is proof that voltage fluctuations in USB ports can be monitored through neighboring UBS hub ports, "says Dr. Yuval Yarom, head of the research team.
Experts address that they studied more than 50 external USB hubs and 90% of them were vulnerable to channel-to-channel cross-talk attacks. In fact, the attacker simply connects to one of the USB ports own malicious device, so that it can monitor voltage fluctuations on neighboring ports to which other gadgets are connected, and intercept a variety of information like the keystrokes and passwords.
As a proof-of-concept, experts modified a standard desk lamp that connects to USB and forced the device to track keystrokes and transmit the collected data via Bluetooth to a third-party computer, where the collected information was analyzed.
Experts assert that the main problem is that people still consider USB-devices as something innocuous, believing that they are not scared to connect to a computer or a hub. As you know, many users connect flash drives found on the street, without speculating the consequences. Researchers from the University of Adelaide write that this approach needs to be changed, and USB can not be considered secure unless all the data is encrypted before sending.

No comments

Powered by Blogger.