Hackers Use USBs in New Attacks
Marc Maligalig | | Aug 01, 2014 02:46 AM EDT |
(Photo : Reuters)
Researchers at SR Labs in Berlin, Germany report that hackers are resorting to a farily simple method to attack computers.
Hackers can now use thumb-drives, keyboards, mice and other USB devices to gain entry into personal computers.
Chief scientist Karsten Nohl at SR Labs said malicious codes can be loaded by hackers into the tiny computer chips used to manage functions of USB devices, said to The Sydney Morning Herald.
Like Us on Facebook
USBs don't have built-in security measures against code-tampering.
"You cannot tell where the virus came from. It is almost like a magic trick," said Nohl, whose research firm is known for uncovering major flaws in mobile phone technology.
The results show that bugs in the software used to make the microchips function can be exploited by hackers. The flaws in such systems are becoming a focal point in security studies, according to the Business Insider.
SR Labs wrote malicious code onto USB control chips used in smartphones and thumb-drives to launch attacks. The malicious software can destroy data, record keystrokes and spy on the user after the USB device is attached to a computer.
While anti-virus programs scan for such codes written onto memory, the programs do not inspect firmware that manages USB devices. The loophole lets corrupted devices infect computers without any resistance.
Nohl tested the method by corrupting chips made by Phison Electronics, a prominent Taiwanese manufacturer, and mounting them on smartphones running the Android operating system and USB memory drives.
Alex Chiu, an attorney working for Phison, said that Nohl had contacted the manufacturer in May about the experiment, according to Reuters.
"Mr. Nohl did not offer detailed analysis together with work product to prove his finding," Chiu said. "Phison does not have ground to comment on his allegation."
Chiu said it is impossible to modify Phison's controller firmware without retrieving their private data.
Nohl believes hackers have a "high chance" of corrupting other classes of controller chips made by other companies as manufacturers are not obliged to create security measures for their software.
He said infected chips can be used to infect keyboards, mice and other devices that connect through USBs.
In the trials, Nohl said he was able to instruct a computer to download a virus and gain remote access because the computer identified the commands as coming from the keyboard.
Other devices such as phones, headsets and webcams that connect to the computer will also be infected. The newly infected devices can then pass the infection onto another computer.
"Now all of your USB devices are infected. It becomes self-propagating and extremely persistent," Nohl said. "You can never remove it."
Nohl and Jakob Lell, Nohl's colleague at SR Labs, will explain their hacking technique in the Black Hat hacking conference next week in Las Vegas in a presentation, "Bad USB - On Accessories that Turn Evil."
Tagshacking, hacker, hackers, USB, Computer Virus, computer, computer chip research, Virus
©2015 Chinatopix All rights reserved. Do not reproduce without permission
EDITOR'S PICKS
-
Did the Trump administration just announce plans for a trade war with ‘hostile’ China and Russia?
-
US Senate passes Taiwan travel bill slammed by China
-
As Yan Sihong’s family grieves, here are other Chinese students who went missing abroad. Some have never been found
-
Beijing blasts Western critics who ‘smear China’ with the term sharp power
-
China Envoy Seeks to Defuse Tensions With U.S. as a Trade War Brews
-
Singapore's Deputy PM Provides Bitcoin Vote of Confidence Amid China's Blanket Bans
-
China warns investors over risks in overseas virtual currency trading
-
Chinese government most trustworthy: survey
-
Kashima Antlers On Course For Back-To-Back Titles
MOST POPULAR
LATEST NEWS
Zhou Yongkang: China's Former Security Chief Sentenced to Life in Prison
China's former Chief of the Ministry of Public Security, Zhou Yongkang, has been given a life sentence after he was found guilty of abusing his office, bribery and deliberately ... Full Article
TRENDING STORY
-
China Pork Prices Expected to Stabilize As The Supplies Recover
-
Elephone P9000 Smartphone is now on Sale on Amazon India
-
There's a Big Chance Cliffhangers Won't Still Be Resolved When Grey's Anatomy Season 13 Returns
-
Supreme Court Ruled on Samsung vs Apple Dispute for Patent Infringement
-
Microsoft Surface Pro 5 Rumors and Release Date: What is the Latest?