Most Popular
| Top Stories | Commented | Featured |
ATI Radeon HD 5570 Review featured
Intel Core i5-based MacBook Pros coming soon?
AMD's six-core Thuban to have feature like Turbo Boost?
Google to launch Twitter-like service for Gmail
Intel unveils Itanium 9300 series enterprise processors
Netflix to roll out 1080p streaming later this year
TS Community
| User Gallery | Recent Discussion |
 Nice Subtle Windows Logo Wallpaper by Julio |  06-07-08_0819 by blackhawke |
 Call of Duty: world at war by detoam |  Google Maps fail by mattfrompa |
TechSpot RSSIndustry News
USB devices can become hardware-based Trojans
Two newly discovered bugs in the Microsoft Windows XP Universal Serial Bus [USB] driver mean that a simple USB storage device can be turned into what is essentially a hardware-based Trojan. SPI Dynamics security engineers David Dewey and Darrin Barrall have revealed a hack where full data compromise can be achieved in less than 10 seconds of physical access.
Citing the example of a retail point-of-sale terminal with a USB port on the monitor, a malicious attacker can discretely plug in the USB device, wait 10 seconds while a monitoring program downloads and then leave the scene. Subsequently, after a time period of a week or so has elapsed, the USB device is plugged back in and the recorded transaction and credit card information is pulled off the terminal for "two, 10-second attacks that no one ever saw."
This type of attack can only occur with Windows AutoRun functionality, and only works on non-removable devices; however it is possible to make a USB device look non-removable via in-system programming. So be careful what you plug into that port!
Citing the example of a retail point-of-sale terminal with a USB port on the monitor, a malicious attacker can discretely plug in the USB device, wait 10 seconds while a monitoring program downloads and then leave the scene. Subsequently, after a time period of a week or so has elapsed, the USB device is plugged back in and the recorded transaction and credit card information is pulled off the terminal for "two, 10-second attacks that no one ever saw."
This type of attack can only occur with Windows AutoRun functionality, and only works on non-removable devices; however it is possible to make a USB device look non-removable via in-system programming. So be careful what you plug into that port!
Related Stories
