Attacking Computers and Smartphones via USB Cable

Friday, January 21, 2011



Researchers have crafted software that can effectively change the functionality of a USB driver to enable attackers to infiltrate computers or smartphones with a seemingly innocent USB cable.

Assistant professor Angelos Stavrou and student Zhaohui Wang of George Mason University designed code which makes it possible to pilfer data when a smartphone is connected by USB cable with a computer.

The code adds a mouse or keyboard function to the USB driver that allows the attacker to take control of the units and download files or upload malware.

According to an article in Cnet:

"The exploit software they wrote identifies what operating sysetm is running on the device the USB cable is connected to. On Macintosh and Windows machines, a message pops up saying the system has detected a new human interface device, but there is no easily recognizable way to halt the process, Stavrou said. The Mac pop-up can be quickly removed by an attacker with a command sent via the smartphone so the laptop owner may not even see it, while the Windows pop-up lasts only one or two seconds in the lower left corner, making that an ineffective warning too, he said."

"Linux machines offer no warning, so users will have no idea that something out of the ordinary is happening, particularly since the regular keyboard and mouse continue to function normally during an attack, Stavrou said."

The exploit has only been adapted for Android phones so far, but the researchers are confident they can replicate the vulnerability for the iPhone as well.

The researchers warn that the vulnerability can be passed from device to device, such as from home PC to a smartphone, then from that smart phone to a laptop or computer at work.

The initial infection is likely to come from downloading or running a tainted application, and it is unlikely that antivirus software will recognize the malware because it can not distinguish it from normal keyboard or mouse function commands.


Possibly Related Articles:
Viruses & Malware
malware Attack Hacking Vulnerabilities Smart Phone Headlines USB Computer
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.