Home › News › Industry News

USB devices can become hardware-based Trojans

On August 4, 2005, 3:43 PM

Two newly discovered bugs in the Microsoft Windows XP Universal Serial Bus [USB] driver mean that a simple USB storage device can be turned into what is essentially a hardware-based Trojan. SPI Dynamics security engineers David Dewey and Darrin Barrall have revealed a hack where full data compromise can be achieved in less than 10 seconds of physical access.

Citing the example of a retail point-of-sale terminal with a USB port on the monitor, a malicious attacker can discretely plug in the USB device, wait 10 seconds while a monitoring program downloads and then leave the scene. Subsequently, after a time period of a week or so has elapsed, the USB device is plugged back in and the recorded transaction and credit card information is pulled off the terminal for "two, 10-second attacks that no one ever saw."
This type of attack can only occur with Windows AutoRun functionality, and only works on non-removable devices; however it is possible to make a USB device look non-removable via in-system programming. So be careful what you plug into that port!

No tags on this story

Next Article: Microsoft plans new search page

TechSpot on:

Most Popular

Trending

Featured

Featured on Laptops

Downloads and Drivers

Downloads

Drivers

Google Chrome 28.0.1500.20 Dev for Linux

DVDFab Passkey Lite 8.0.9.9

Google Chrome 27.0.1453.93 for Windows

PRTG - Free Network Monitor 13.2.3.2134

Google Chrome 27.0.1453.93 for Mac OS X

More Downloads

Latest Discussion

Which is the best smartphone to buy? 20 replies on Mobile Computing

IPod Home Button Problems 8 replies on Other Hardware

Graphics Card Question 7 replies on Audio and Video

How do I begin to build a custom computer? 12 replies on Other Hardware

Unsure if my new graphics card will work with my PC 9 replies on Audio and Video

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.

TechSpot

Welcome to TechSpot

Home › News › Industry News

USB devices can become hardware-based Trojans

Next Article: Microsoft plans new search page

Post a new comment

TechSpot on:

Most Popular

Building a Thin Mini-ITX PC: Small and Silent Performance

Metro: Last Light Tested, Benchmarked

'Supercapacitor' could fully charge your phone in less than 30 seconds

Microsoft officially announces Xbox One: here's what we know so far

Bill Gates is once again the richest person in the world

Metro: Last Light Performance, Benchmarked

Building a Thin Mini-ITX PC: Small and Silent Performance

Metro: Last Light Review

Gigabyte U2442F Ultrabook Review

8 Free to Play Games That Are Too Good to Be True

Featured on Laptops

77 Lenovo ThinkPad X1 Carbon Touch

79 Lenovo IdeaPad Yoga 13

75 Asus VivoBook S400CA

89 Apple MacBook Pro 15" Retina - Summer 2012

85 Apple MacBook Air 13.3 inch - Summer 2012

Downloads and Drivers

Latest Discussion

Subscribe to TechSpot

Featured Tech Content - Inside TechSpot

	Social Login & Guest Posting Post as anonymous user			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.