USB ‘critically flawed’ after bug discovery, researchers say

Cyber-security experts have dramatically called into question the safety and security of using USB to connect devices to computers.

 

In one demo, shown off at the Black Hat hackers conference in Las Vegas, a standard USB drive was inserted into a normal computer.

Malicious code implanted on the stick tricked the machine into thinking a keyboard had been plugged in.

After just a few moments, the “keyboard” began typing in commands – and instructed the computer to download a malicious program from the internet.

Another demo, shown in detail to the BBC, involved a Samsung smartphone.

When plugged in to charge, the phone would trick the computer into thinking it was in fact a network card. It meant when the user accessed the internet, their browsing was secretly hijacked.

Mr Nohl demonstrated to the BBC how they were able to create a fake copy of PayPal’s website, and steal user log-in details as a result.

Unlike other similar attacks, where simply looking at the web address can give away a scam website, there were no visible clues that a user was under threat.

The same demo could have been carried out on any website, Mr Nohl stressed.

 

See More