Hackers Can Now Compromise USB Devices And On-Board USB Controllers

Another day, another report of a potential hack that could cause some real trouble. Researchers at Berlin's SR Labs have discovered that the firmware on any sort of USB device, be it a keyboard, a mouse, or a flash drive, can be rewritten, and exploits could involve logging keystrokes, eavesdropping on communications, and, a virus favorite, destroying data.

What's concerning about all of this is that SR Labs says such an implementation would be invisible to anti-malware and anti-virus tools, as those don't scan at such a low level; this firmware would also be helping the device function, after all. As such, nothing would likely be stored in RAM, which is where scanner tools look for real-time breaches.

Here's an interesting scenario: your smartphone. If it is plugged into the PC via USB and carries such malicious firmware, it could be used either to cause trouble or to send some information over the Internet to those who created the firmware. Again, because these exploits would operate at such a low level, scanners might be hard-pressed to detect them, and there's the potential that even a firewall wouldn't stop an Internet transaction, since it could be expected of the device.

Karsten Nohl, chief scientist with SR Labs, has noted that this kind of hack is simple enough that the likes of the National Security Agency might already be taking advantage of it. Both Nohl and Jakob Lell, a security researcher at SR Labs, will be showing off their findings at next week's Black Hat conference in Las Vegas.

Do end-users have anything to worry about? Not at this point, as either a special chip would need to be installed into a given USB device, or a device's firmware would have to be rewritable without affecting the normal function of the device. It's all possible, but it strikes me as an exploit that would never be anything but seriously niche. Unless, of course, a vendor of popular USB devices gets breached and starts spitting these things out by the millions. That almost sounds like the plotline to a cheesy hacker movie.