New study warns of the dangers of using USB drives

0

Researchers have warned about the dangers of using USB drives, as they offer an easy way for hackers to steal passwords and other private data.

A new study carried out by the University of Adelaide has revealed how hackers could steal your private data if you fell for a practice known as ‘leakage’.

The study said that connecting a USB device which has been tampered with to your PC could be used to spread malware or even record which keys you press on your keyboard.

This information could then be relayed back to a central server controlled by the hackers, which in turn would potentially give them access to your passwords and other online login credentials.

The study also found that when data is transferred to and from a USB drive it creates a certain amount of “chatter” or cross talk.

If the “chatter” is strong enough, it could be intercepted or allow someone to eavesdrop on an adjacent USB port.

This means that hackers could capture data from your keyboard, printer, card reader, mouse or any other device which was connected to a neighbouring USB port.

“If a malicious device or one that’s been tampered with is plugged into adjacent ports on the same external or internal USB hub, this sensitive information can be captured,” said Dr Yuval Yarom from University of Adelaide.

Dr Yarom said his team tested 50 USB drives and 90 percent were found to leak data.

“The main take-home message is that people should not connect anything to USB unless they can fully trust it,” said Dr Yarom.

“For users it usually means not to connect to other people’s devices. For organisations that require more security, the whole supply chain should be validated to ensure that the devices are secure.

“The USB has been designed under the assumption that everything connected is under the control of the user and that everything is trusted – but we know that’s not the case.

“The USB will never be secure unless the data is encrypted before it is sent,” he added.

Share.

Comments are closed.