Hacked USB sticks can track everything you do on a computer
Researchers find USB 'crosstalk' can steal your passwords and secret information.
Experts have warned against people picking up and using old USB sticks, as it's an easy way for hackers to gain access to your secret data.
The dangers of using a USB flash drive you've found on the floor have been highlighted in the past. A previous study revealed there's a 50-75% likelihood lost USBs were picked up and used.
Now, a new in-depth study by the University of Adelaide has shown just how much data a nefarious hacker could glean from your system if you fell for their trap, in a practice known as 'leakage'.
Plugging in a USB that's been loaded with malicious software could detect a victim's every keyboard stroke and relay it remotely to the cyber criminal, meaning sensitive information such as passwords and login pincodes could be easily stolen and used.
The tampered USB sticks are able to detect signals from other devices like keyboards plugged into neighbouring USB ports with 'crosstalk' occurring as "most computer wires are connected to a larger circuit, so a signal sent on one wire affects another," said Dr Yuval Yarom, computer scientist at the university.
"Electricity flows like water along pipes – and it can leak out," Dr Yarom explained. "In our project, we showed that voltage fluctuations of the USB port's data lines can be monitored from the adjacent ports on the USB hub."
The team tested hacked USBs on 50 different computers and found that 90% of them leaked information to the devices. In a real-world situation modified sticks would likely transmit the data via Bluetooth or SMS.
Dr Yarom calls for USB ports to be redesigned in order to make computing more secure, but in the meantime his research once again serves to remind the public about the tricks cybercriminals can pull and the vulnerable entry points they are constantly looking to exploit. The public are reminded to always be vigilant and to never use a USB stick they have no verified as safe.
In 2016 authorities, in Australia discovered malware-laced USB sticks being posted through the mailboxes of unwitting civilians in the hope they would be used. They worked differently to those mentioned above, instead installing and running malicious software the moment the flash drive was inserted into the computer.
© Copyright IBTimes 2024. All rights reserved.