Keyboards, thumb-drives, mice and other USB devices can be used for enhanced hacking attacks that may bypass traditional security filters, a German cryptography expert revealed.
Berlin’s SR Labs Chief Scientist Karsten Nohl discovered that hackers could load malicious software onto tiny, low-cost computer chips that control USB functions. Because small electronics components usually donâ€™t have built-in shields, cyber-criminals could easily tamper with their code by exploiting bugs in the software.
â€œThese problems canâ€™t be patched,â€ Nohl told Reuters. â€œWeâ€™re exploiting the very way that USB is designed. You cannot tell where the virus came from. It is almost like a magic trick. The sky is the limit. You can do anything at all.â€
Nohl and his fellow expert Jakob Lell tested the BadUSB malicious code on USB control chips used in thumb drives and smartphones. After connecting the infected USB device to the computer, researchers were able to log keystrokes, spy on communications, mine and destroy data.
BadUSB can also remotely control the PC, alter files installed from the memory stick without usersâ€™ knowledge, and redirect internet traffic. Hackers could go as far as impersonating a keyboard and typing commands the infected computer can execute.
â€œIt can do whatever you can do with a keyboard, which is basically everything a computer does,â€ Nohl said.
The methods of attack will be further described at next week’s Black Hat conference in Las Vegas, where thousands of security professionals, including Bitdefenderâ€™s antivirus experts, gather annually to hear about new hacking techniques.