CHINA TOPIX

11/02/2024 11:30:16 am

Make CT Your Homepage

Hackers Use USBs in New Attacks

Man typing

(Photo : Reuters)

Researchers at SR Labs in Berlin, Germany report that hackers are resorting to a farily simple method to attack computers.

Hackers can now use thumb-drives, keyboards, mice and other USB devices to gain entry into personal computers.

Chief scientist Karsten Nohl at SR Labs said malicious codes can be loaded by hackers into the tiny computer chips used to manage functions of USB devices, said to The Sydney Morning Herald.

Like Us on Facebook

USBs don't have built-in security measures against code-tampering. 

"You cannot tell where the virus came from. It is almost like a magic trick," said Nohl, whose research firm is known for uncovering major flaws in mobile phone technology.

The results show that bugs in the software used to make the microchips function can be exploited by hackers. The flaws in such systems are becoming a focal point in security studies, according to the Business Insider.

SR Labs wrote malicious code onto USB control chips used in smartphones and thumb-drives to launch attacks. The malicious software can destroy data, record keystrokes and spy on the user after the USB device is attached to a computer.

While anti-virus programs scan for such codes written onto memory, the programs do not inspect firmware that manages USB devices. The loophole lets corrupted devices infect computers without any resistance.

Nohl tested the method by corrupting chips made by Phison Electronics, a prominent Taiwanese manufacturer, and mounting them on smartphones running the Android operating system and USB memory drives.

Alex Chiu, an attorney working for Phison, said that Nohl had contacted the manufacturer in May about the experiment, according to Reuters.

"Mr. Nohl did not offer detailed analysis together with work product to prove his finding," Chiu said. "Phison does not have ground to comment on his allegation."

Chiu said it is impossible to modify Phison's controller firmware without retrieving their private data.

Nohl believes hackers have a "high chance" of corrupting other classes of controller chips made by other companies as manufacturers are not obliged to create security measures for their software.

He said infected chips can be used to infect keyboards, mice and other devices that connect through USBs.

In the trials, Nohl said he was able to instruct a computer to download a virus and gain remote access because the computer identified the commands as coming from the keyboard.

Other devices such as phones, headsets and webcams that connect to the computer will also be infected. The newly infected devices can then pass the infection onto another computer.

"Now all of your USB devices are infected. It becomes self-propagating and extremely persistent," Nohl said. "You can never remove it."

Nohl and Jakob Lell, Nohl's colleague at SR Labs, will explain their hacking technique in the Black Hat hacking conference next week in Las Vegas in a presentation, "Bad USB - On Accessories that Turn Evil." 

Real Time Analytics