Peaches Posted January 20, 2011 Report Share Posted January 20, 2011 January 19, 2011 11:57 AM PST Researchers turn USB cable into attack tool Two researchers have figured out a way to attack laptops and smartphones through an innocent-looking USB cable. Angelos Stavrou, an assistant professor of computer science at George Mason University, and student Zhaohui Wang wrote software that changes the functionality of the USB driver so that they could launch a surreptitious attack while someone is charging a smartphone or syncing data between a smartphone and a computer. Basically, the exploit works by adding keyboard or mouse functionality to the connection so an attacker can then start typing commands or click the mouse in order to steal files, download additional malware, or do other things to take control of the computer, Stavrou told CNET in an interview. The exploit software they wrote identifies what operating sysetm is running on the device the USB cable is connected to. On Macintosh and Windows machines, a message pops up saying the system has detected a new human interface device, but there is no easily recognizable way to halt the process, Stavrou said. The Mac pop-up can be quickly removed by an attacker with a command sent via the smartphone so the laptop owner may not even see it, while the Windows pop-up lasts only one or two seconds in the lower left corner, making that an ineffective warning too, he said. Linux machines offer no warning, so users will have no idea that something out of the ordinary is happening, particularly since the regular keyboard and mouse continue to function normally during an attack, Stavrou said. Full details here: http://news.cnet.com...028919-245.html Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.