Most Popular

Top Stories Latest Featured

Sony unveils its "non netbook" Vaio P series

Windows 7 64-bit version hits torrent sites

Windows 7 beta released to testers, public beta coming tomorrow

AMD Phenom II X4 940 & 920 review @ TechSpot

Left 4 Dead DLC arriving next week?

SanDisk intros next-gen SSDs for netbooks

Palm announces webOS platform and demos Palm Pre

Weak demand causes Intel to issue revenue warning

More Top Stories

Downloads & Drivers

Downloads Drivers Essentials

EF Commander 6.82

K-Lite Mega Codec Pack 4.4.5

LimeWire 4.18.8

Aplus Video Joiner 8.85

Express Burn 4.17

More Downloads

TS Community

Recent Discussions Community Archive

A simple memory question

Sagipsul.com Virus

Multiple System Files in Win XP Home

HP / Dell / etc. laptop password help thread

Need video driver

More at the Forum

Subscribe

Newsletter Our Feeds

Receive weekly updates on new articles, news and contests in your mail!

Email address:

Information Technology

USB devices can become hardware-based Trojans

By Derek Sooman, TechSpot.com
Published: August 4, 2005, 3:43 PM EST

Two newly discovered bugs in the Microsoft Windows XP Universal Serial Bus [USB] driver mean that a simple USB storage device can be turned into what is essentially a hardware-based Trojan. SPI Dynamics security engineers David Dewey and Darrin Barrall have revealed a hack where full data compromise can be achieved in less than 10 seconds of physical access.

Citing the example of a retail point-of-sale terminal with a USB port on the monitor, a malicious attacker can discretely plug in the USB device, wait 10 seconds while a monitoring program downloads and then leave the scene. Subsequently, after a time period of a week or so has elapsed, the USB device is plugged back in and the recorded transaction and credit card information is pulled off the terminal for "two, 10-second attacks that no one ever saw."
This type of attack can only occur with Windows AutoRun functionality, and only works on non-removable devices; however it is possible to make a USB device look non-removable via in-system programming. So be careful what you plug into that port!

Related Stories

Post a comment
RSS