also @ TechSpot: Seven Intel P55 Motherboards Compared, Reviewed

Most Popular

Top Stories Commented  Featured 

Weekend Open Forum: Google Chrome OS and the future of cloud computing  featured

Tech Tip of the Week: Unearth Region-Specific Windows 7 Themes  featured

Google previews its upcoming Chrome OS

Mozilla reveals 2008 revenue, rumors say Firefox coming to PS3

Xbox Live bans prompt class action lawsuit

Sony: PlayStation 3 to be 3D-capable via firmware update

Radeon HD 5970 supplies dry up quick, not a big surprise

Dell intros the multitouch-capable Studio 17 Touch

More Top Stories

Downloads & Drivers

Downloads   Drivers  

Norton Virus Definitions 2003-07 November 20, 2009

AVG Anti-Virus Updates November 20, 2009

Norton Virus Definitions 2008-09 November 20, 2009

avast! Virus Definitions November 20, 2009

McAfee SuperDAT Update 5808

More Downloads

TS Community

Recent Discussion   User Gallery  

New SATA Drive

Windows 7 is a start button tweak possible?

PNY 9800GT temps

Ram upgrade, mixing different manufacturers

News around the web: Why Chrome OS will fail

More at the Forum

Subscribe

Newsletter Our Feeds

Receive weekly updates on new articles, news and contests in your mail!

Email address:

Information Technology

USB devices can become hardware-based Trojans

By Derek Sooman, TechSpot.com
Published: August 4, 2005, 3:43 PM EST
Two newly discovered bugs in the Microsoft Windows XP Universal Serial Bus [USB] driver mean that a simple USB storage device can be turned into what is essentially a hardware-based Trojan. SPI Dynamics security engineers David Dewey and Darrin Barrall have revealed a hack where full data compromise can be achieved in less than 10 seconds of physical access.

Citing the example of a retail point-of-sale terminal with a USB port on the monitor, a malicious attacker can discretely plug in the USB device, wait 10 seconds while a monitoring program downloads and then leave the scene. Subsequently, after a time period of a week or so has elapsed, the USB device is plugged back in and the recorded transaction and credit card information is pulled off the terminal for "two, 10-second attacks that no one ever saw."
This type of attack can only occur with Windows AutoRun functionality, and only works on non-removable devices; however it is possible to make a USB device look non-removable via in-system programming. So be careful what you plug into that port!

Related Stories

Post a comment
RSS