{"id":37882,"date":"2014-08-08T11:04:05","date_gmt":"2014-08-08T11:04:05","guid":{"rendered":"http:\/\/4cd.e16.myftpupload.com\/?p=37882"},"modified":"2014-08-08T11:04:05","modified_gmt":"2014-08-08T11:04:05","slug":"usb-devices-can-secretly-infect-pc","status":"publish","type":"post","link":"https:\/\/citifmonline.com\/?p=37882","title":{"rendered":"USB devices can ‘secretly infect’ PC"},"content":{"rendered":"
USB devices can be used to infect a computer without the user’s knowledge, according to security researchers.<\/div>\n
\n

Berlin-based cyber-security experts Karsten Nohl and Jakob Lell demonstrated how malicious code on hardware connected via USB could “hijack” a PC, and gather private data.<\/p>\n

The duo said there is no practical way to defend against the vulnerability.<\/p>\n

The body responsible for the USB standard said manufacturers could build in extra security.<\/p>\n

It is not uncommon for USB sticks to be used as a way of getting viruses and other malicious code onto target computers.<\/p>\n

Most famously, the Stuxnet attack on Iranian nuclear centrifuges was believed to have been caused by an infected USB stick.<\/p>\n

However, this latest research demonstrated a new level of threat – where a USB device that appears completely empty can still contain malware, even when formatted.<\/p>\n

The vulnerability can be used to hide attacks in any kind of USB-connected device – such as a smartphone.<\/p>\n

“It may not be the end of the world today,” Mr Nohl told journalists, “but it will affect us, a little bit, every day, for the next 10 years”.<\/p>\n

\"USB<\/div>\n
The USB memory stick is a convenient connector used across many devices<\/div>\n

 <\/p>\n

“Basically, you can never trust anything anymore after plugging in a USB stick.”<\/p>\n

‘Chip’ exploited<\/strong>USB – which stands for Universal Serial Bus – has become the standard method of connecting devices to computers due to its small size, speed and ability to charge devices.<\/p>\n

USB memory sticks quickly replaced floppy disks as a simple way to share large files between two computers.<\/p>\n

The connector is popular due to the fact that it makes it easy to plug in and install a wide variety of devices. Devices that use USB contain a small chip that “tells” the computer exactly what it is, be it a phone, tablet or any other piece of hardware.<\/p>\n

It is this function that has been exposed by the threat.<\/p>\n

Smartphone ‘hijack’<\/strong>In one demo, shown off at the Black Hat hackers conference in Las Vegas, a standard USB drive was inserted into a normal computer.<\/p>\n

Malicious code implanted on the stick tricked the machine into thinking a keyboard had been plugged in.<\/p>\n

After just a few moments, the “keyboard” began typing in commands – and instructed the computer to download a malicious program from the internet.<\/p>\n

Another demo, shown in detail to the BBC, involved a Samsung smartphone.<\/p>\n

When plugged in to charge, the phone would trick the computer into thinking it was in fact a network card. It meant when the user accessed the internet, their browsing was secretly hijacked.<\/p>\n

Mr Nohl demonstrated to the BBC how they were able to create a fake copy of PayPal’s website, and steal user log-in details as a result.<\/p>\n

Unlike other similar attacks, where simply looking at the web address can give away a scam website, there were no visible clues that a user was under threat.<\/p>\n

The same demo could have been carried out on any website, Mr Nohl stressed.<\/p>\n

‘Trust nothing’<\/strong>Mike McLaughlin, a security researcher from First Base Technologies, said the threat should be taken seriously.<\/p>\n

“USB is ubiquitous across all devices,” he told the BBC.<\/p>\n

“It comes down to the same old saying – don’t plug things in that you don’t trust.<\/p>\n

“Any business should always have policies in place regarding USB devices and USB drives. Businesses should stop using them if needed.”<\/p>\n

\"line\"<\/div>\n
\"USB\"<\/div>\n

Universal Serial Bus (USB)<\/p>\n

    \n
  • Standard method of connecting devices to computers<\/li>\n
  • Popular due to its small size<\/li>\n
  • Easy to plug in and install a variety of devices<\/li>\n<\/ul>\n
    \"line\"<\/div>\n

    The group responsible for the USB standard, the USB Working Party, refused to comment on the seriousness of the flaw.<\/p>\n

    But in more general terms, it said: “The USB specifications support additional capabilities for security, but original equipment manufacturers (OEMs) decide whether or not to implement these capabilities in their products.<\/p>\n

    “Greater capabilities of any product likely results in higher prices, and consumers choose on a daily basis what they are willing to pay to receive certain benefits.<\/p>\n

    “If consumer demand for USB products with additional capabilities for security grows, we would expect OEMs to meet that demand.”<\/p>\n

    Mr Nohl said the only protection he could advise was to simply be ultra-cautious when allowing USB devices to be connected to your machines.<\/p>\n

    “Our approach to using USB will have to change,” he told the BBC.<\/p>\n

    \u00a0<\/em><\/strong><\/p>\n

    Source: BBC<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

    USB devices can be used to infect a computer without the user’s knowledge, according to security researchers. Berlin-based cyber-security experts Karsten Nohl and Jakob Lell demonstrated how malicious code on hardware connected via USB could “hijack” a PC, and gather private data. The duo said there is no practical way to defend against the vulnerability. […]<\/p>\n","protected":false},"author":14,"featured_media":37884,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jnews-multi-image_gallery":[],"jnews_single_post":[],"jnews_primary_category":[],"jnews_social_meta":[],"jnews_override_counter":[],"footnotes":""},"categories":[],"tags":[18],"class_list":["post-37882","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-dr-akwasi-osei"],"_links":{"self":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts\/37882","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=37882"}],"version-history":[{"count":0,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts\/37882\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/media\/37884"}],"wp:attachment":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=37882"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=37882"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=37882"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}