Industry News

Keyboards, USB Devices Can Be Used in Enhanced Hacking Attacks

Keyboards, thumb-drives, mice and other USB devices can be used for enhanced hacking attacks that may bypass traditional security filters, a German cryptography expert revealed.

Berlin’s SR Labs Chief Scientist Karsten Nohl discovered that hackers could load malicious software onto tiny, low-cost computer chips that control USB functions. Because small electronics components usually don’t have built-in shields, cyber-criminals could easily tamper with their code by exploiting bugs in the software.

Keyboards, USB Devices Can Be Used in Enhanced Hacking AttacksNohl said he wouldn’t be surprised if intelligence agencies such as the NSA have already used the technique for sophisticated attacks.

“These problems can’t be patched,” Nohl told Reuters. “We’re exploiting the very way that USB is designed. You cannot tell where the virus came from. It is almost like a magic trick. The sky is the limit. You can do anything at all.”

Nohl and his fellow expert Jakob Lell tested the BadUSB malicious code on USB control chips used in thumb drives and smartphones. After connecting the infected USB device to the computer, researchers were able to log keystrokes, spy on communications, mine and destroy data.

BadUSB can also remotely control the PC, alter files installed from the memory stick without users’ knowledge, and redirect internet traffic. Hackers could go as far as impersonating a keyboard and typing commands the infected computer can execute.

“It can do whatever you can do with a keyboard, which is basically everything a computer does,” Nohl said.

The methods of attack will be further described at next week’s Black Hat conference in Las Vegas, where thousands of security professionals, including Bitdefender’s antivirus experts, gather annually to hear about new hacking techniques.

About the author

Bianca STANESCU

Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story. She's the industry news guru, who'll always keep a close eye on the AV movers and shakers and report their deeds from a fresh new perspective. Proud mother of one, she covers parental control topics, with a view to valiantly cutting a safe path for children through the Internet thicket. She likes to let words and facts speak for themselves.