George Mason University researchers were scheduled to demonstrate a computer device attack using a USB cable at the Black Hat DC conference. Professor Angelos Stavrou and student Zhaohui Wang have written software that changes the functionality of the USB driver, enabling keyboard and mouse functionality to be added to the connection. The exploit of the USB protocol, which can be used to connect any device to a computing platform without authentication, allows an attacker to start typing commands, click the mouse to steal files, and download malware. Although Macintosh and Windows machines will produce a pop-up message saying a new human interface device has been detected, there is no easily recognizable way to stop the process.
Stavrou describes the compromise as viral. "Say your computer at home is compromised and you compromise your Android phone by connecting them," he says. "Then, whenever you connect the smartphone to another laptop or computing device I can take over that computer also, and then compromise other computers off that Android."
The original compromise can result from downloading the exploit from the Web or running a compromised app, and antivirus software would not be able to determine whether the exploit's activities are controlled or sanctioned by the user.
View Full Article
Abstracts Copyright © 2011 Information Inc., Bethesda, Maryland, USA
No entries found