Researchers Exploit USB Flaw To Steal Data
If you went to your home or office computer, would you be able to tell if someone had swapped your keyboard for one exactly like it? Many people probably would not be able to. A team of researchers has shown that a shortcoming in the way USB standards work could be used to steal data.
The exploit reportedly allows just about any USB device to be used to steal data. That means anything from your keyboard to your USB pole dancer could be a data theft tool. The team claims that if for example you take the exact same keyboard someone is using on their computer and modify it to steal data and replace the existing keyboard the computer would not know anything has changed.
The exploit takes advantage of a weakness in plug-and-play functionality where the USB protocol automatically trusts what is being plugged in to report what it is correctly. The team demonstrated the hack by making a keyboard that would get data from a HDD and transmit it as a flashing light using Morse code or by making a warbling sound from the computer sound card. The team points out that they could have used other methods to send stolen data such as email.