One of the top computer security expert just said that USB devices like keyboard, mouse, pen drive can be used to hack your personal computer. This is the latest way of security breach that bypasses all security protection measures.
Security expert Karsten Nohl, who is working at SR Labs in Berlin said that, attackers can bundle malicious software in low cost chips that are used to control functions of USB devices. There is no system that analyses the code of these chips.
SR Labs is quite popular due to their past research work that exposed major flaws in mobile phones. Nohl said, “Since there is no defensive software for chips in USB devices, you will never understand where did the virus come from.”
The bugs in software that controls USB function can be very dangerous if attackers find the way to use develop the chip used in them. SR Labs has tested exploiting these USB controller chips by adding malicious code in them. When user connects USB device to PC, the malicious software can spy on communications, log keystrokes and even destroy data.
Anti virus software are used to scan third party software that is installed on the PC, it does not scan the firmware that powers USB devices. Karsten Nohl and Jakob Lell are going to present the research paper “Bad USB – On Accessories that Turn Evil” at Black Hat hacking conference in Las Vegas next week.
BlackHat is a conference of security professionals where they gather and discuss latest hacking techniques that intimidate security and privacy of data and complex computer infrastructure. Nohl suspects that intelligence agencies like NSA are most likely to launch attacks using USB devices to spy on personal data of users. NSA representative declined to comment anything on it.
In last year’s Back Hat, Nohl had presented a research paper that described the methods of attacking sim cards used in phones remotely. In December, former NSA contract Edward Snowman leaked a document that reveals NSA’s surveillance technique of “Monkey Calander.”
SR Labs tried exploiting chip in USB devices used by Phison Electronics from Taiwan. The firm installed this exploited chip in USB devices as well as Android smartphones. Alcor Micro corporation and Silicon Motion Technology corporation are other two major manufacturers of this kind of chip. But SR labs did not test exploiting chips from these other two manufacturing companies. Phison and Google’s spokesperson kept quite when asked questions regarding this.
Nohl said, “Infected chips can be used to infect keyboard, mouse and USB memory devices. Controlled chips made by other chip manufactures than Phison are more likely to get attacked as they don’t require to secure software. Attackers can do anything, the sky is the limit.”
He also said that, he was able to access computer remotely that is connected to the infected USB device. He was also able to change DNS network settings that are used to route internet traffic through malicious servers. Once the computer gets infected with this malicious virus, one infected controller chip in USB can infect other chips in other USB devices as well, which can corrupt any new computer that they connect to.
Nohl said, “Users can never remove this malicious software controller chip of USB device. The infection process is self propagating and persistent.” Christof Paar, a professor of electrical engineering at Germany’s University of Bochum who reviewed the findings, said
According to Christof Paar, who is a professor of electric engineering at University of Bochum in Germany said that, this new research will attract security researchers towards USB technology which will lead to discovery of more bugs and new exploitation methods which will help manufactures to secure and protect their chips. Paar added, “Manufacturers should make it harder to make any changes in software powers USB devices.”