Connecting via USB can lead to the leakage of confidential data
By Prempal Singh
USB-connection, the most common interface for connecting external devices to computers, allows to intercept data from devices connected to neighboring USB-ports, a group of researchers from the University of Adelaide (Australia) found out.
Experts tested more than 50 computers and external USB hubs and found that over 90% of them “poured” information onto an external USB device.
USB-compatible gadgets include keyboards, fingerprint recognition devices, etc., which often send confidential information to a computer. As previously thought, this information is protected from potentially dangerous or suspicious devices, because it is sent over the direct path of communication to the computer. However, a study conducted by scientists showed that if a malicious device or gadget that was hacked is connected to neighboring ports on the same external or internal USB hub, sensitive data can be intercepted. That is, attackers can easily intercept keystrokes and gain access to passwords or other confidential information.
The so-called “leakage of cross connections between channels,” scientists explained, is similar to the leakage of water from pipes and just like water, electricity can “leak”. In the course of the study, they found that voltage fluctuations in the data lines can be monitored from neighboring ports on a USB concentrator.
Specialists conducted an experiment in which they connected an inexpensive modified desktop lamp to the computer and could count each keystroke on the keyboard connected to a nearby USB connector. The received data via Bluetooth was sent to another computer.
“The USB standard was developed based on the assumption that all connected devices are trusted and are under the control of the user, but we know that this is not so. USB will never be completely safe if the data is sent in plaintext, “experts said.