{"id":37882,"date":"2014-08-08T11:04:05","date_gmt":"2014-08-08T11:04:05","guid":{"rendered":"http:\/\/4cd.e16.myftpupload.com\/?p=37882"},"modified":"2014-08-08T11:04:05","modified_gmt":"2014-08-08T11:04:05","slug":"usb-devices-can-secretly-infect-pc","status":"publish","type":"post","link":"https:\/\/citifmonline.com\/2014\/08\/usb-devices-can-secretly-infect-pc\/","title":{"rendered":"USB devices can ‘secretly infect’ PC"},"content":{"rendered":"
Berlin-based cyber-security experts Karsten Nohl and Jakob Lell demonstrated how malicious code on hardware connected via USB could “hijack” a PC, and gather private data.<\/p>\n
The duo said there is no practical way to defend against the vulnerability.<\/p>\n
The body responsible for the USB standard said manufacturers could build in extra security.<\/p>\n
It is not uncommon for USB sticks to be used as a way of getting viruses and other malicious code onto target computers.<\/p>\n
Most famously, the Stuxnet attack on Iranian nuclear centrifuges was believed to have been caused by an infected USB stick.<\/p>\n
However, this latest research demonstrated a new level of threat – where a USB device that appears completely empty can still contain malware, even when formatted.<\/p>\n
The vulnerability can be used to hide attacks in any kind of USB-connected device – such as a smartphone.<\/p>\n
“It may not be the end of the world today,” Mr Nohl told journalists, “but it will affect us, a little bit, every day, for the next 10 years”.<\/p>\n
“Basically, you can never trust anything anymore after plugging in a USB stick.”<\/p>\n
‘Chip’ exploited<\/strong>USB – which stands for Universal Serial Bus – has become the standard method of connecting devices to computers due to its small size, speed and ability to charge devices.<\/p>\n USB memory sticks quickly replaced floppy disks as a simple way to share large files between two computers.<\/p>\n The connector is popular due to the fact that it makes it easy to plug in and install a wide variety of devices. Devices that use USB contain a small chip that “tells” the computer exactly what it is, be it a phone, tablet or any other piece of hardware.<\/p>\n It is this function that has been exposed by the threat.<\/p>\n Smartphone ‘hijack’<\/strong>In one demo, shown off at the Black Hat hackers conference in Las Vegas, a standard USB drive was inserted into a normal computer.<\/p>\n Malicious code implanted on the stick tricked the machine into thinking a keyboard had been plugged in.<\/p>\n After just a few moments, the “keyboard” began typing in commands – and instructed the computer to download a malicious program from the internet.<\/p>\n Another demo, shown in detail to the BBC, involved a Samsung smartphone.<\/p>\n When plugged in to charge, the phone would trick the computer into thinking it was in fact a network card. 
It meant when the user accessed the internet, their browsing was secretly hijacked.<\/p>\n Mr Nohl demonstrated to the BBC how they were able to create a fake copy of PayPal’s website, and steal user log-in details as a result.<\/p>\n Unlike other similar attacks, where simply looking at the web address can give away a scam website, there were no visible clues that a user was under threat.<\/p>\n The same demo could have been carried out on any website, Mr Nohl stressed.<\/p>\n ‘Trust nothing’<\/strong>Mike McLaughlin, a security researcher from First Base Technologies, said the threat should be taken seriously.<\/p>\n “USB is ubiquitous across all devices,” he told the BBC.<\/p>\n “It comes down to the same old saying – don’t plug things in that you don’t trust.<\/p>\n “Any business should always have policies in place regarding USB devices and USB drives. Businesses should stop using them if needed.”<\/p>\n The group responsible for the USB standard, the USB Working Party, refused to comment on the seriousness of the flaw.<\/p>\n But in more general terms, it said: “The USB specifications support additional capabilities for security, but original equipment manufacturers (OEMs) decide whether or not to implement these capabilities in their products.<\/p>\n “Greater capabilities of any product likely results in higher prices, and consumers choose on a daily basis what they are willing to pay to receive certain benefits.<\/p>\n “If consumer demand for USB products with additional capabilities for security grows, we would expect OEMs to meet that demand.”<\/p>\n Mr Nohl said the only protection he could advise was to simply be ultra-cautious when allowing USB devices to be connected to your machines.<\/p>\n “Our approach to using USB will have to change,” he told the BBC.<\/p>\n Source: BBC<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":" USB devices can be used to infect a computer without 
the user’s knowledge, according to security researchers. Berlin-based cyber-security experts Karsten Nohl and Jakob Lell demonstrated how malicious code on hardware connected via USB could “hijack” a PC, and gather private data. The duo said there is no practical way to defend against the vulnerability. […]<\/p>\n","protected":false},"author":14,"featured_media":37884,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[18],"yoast_head":"\n\n