Filed under: Internet, Security
Using a well-documented and easily-replicated flaw in the USB specification, a bunch of plucky Canadians have managed to turn innocuous peripherals like keyboards into a hardware trojan horse.The team produced a modified keyboard that was capable of transmitting data in Morse code, using an LED -- but that was just a proof of concept! There's nothing to prevent a keyboard from sending data over the Internet via email, FTP, or indeed any other transmission method.
This clever exploit relies on a weakness in the USB plug-and-play specification: it is the device's responsibility to identify itself. If a keyboard says it's a keyboard, the computer believes it; a keyboard could identify itself as a camera and the computer would not be any the wiser. To turn a keyboard into a hardware Trojan, the team modified the hardware but ensured that it still reported the same identity when plugged into the computer.
Using this exploit, a real-world sneak-thief could easily switch keyboards in an office workplace with identical-looking Trojan-enhanced replacements.
But why stop at keyboards? You could make Trojan mice, microphones, printers, or even coffee cup warmers. You can be certain that a peripheral manufacturer will accidentally ship a device with a hardware trojan, too -- just give it a few months!
The virus scanners of tomorrow are going to have to get a lot smarter, that's for sure.
Your USB keyboard (or coffee cup warmer) could be harboring a Trojan keylogger... or worse! originally appeared on Download Squad on Fri, 02 Jul 2010 08:00:00 EST. Please see our terms for use of feeds.
Read�|�Permalink�|�Email this�|�CommentsAvril Lavigne
Fergie
No comments:
Post a Comment