Just as there is a water leak from pipes, so do the electrical signals from the USB ports, indirectly exposing the sensitive data to an experienced attacker, according to new research by Adelaide University scientists in Australia.
The phenomenon is known as "channel-to-channel crosstalk leakage" and affects USB devices connected to neighboring ports.
“Electricity flows like the water into pipes and can leak,'' said the project's lead Dr. Yuval Yarom. "In our work, we showed that the fluctuations of the voltage of its data lines doors USB can be controlled from the adjacent ports for the hub USB. "
This scenario assumes the existence of a malicious USB device that is connected to a nearby port. The attacker can use this device to monitor the data flow of neighboring ports.
Researchers say that an attacker could collect this data and use an Internet connection to send it to the attacker's server. Anything that goes into an unencrypted format via adjacent USB ports can be collected.
For the practical side of their research, the scientists used a modified light bulb with reception USB to record every keystroke of a neighboring USB keyboard. They then sent the data to another computer via Bluetooth.
In addition, conducting a USB attack via channel-to-channel crosstalk leakage is not as complicated as many of our readers would think. Numerous studies have shown that users generally have a habit of accepting random USB drives and installing them on personal or corporate computers without considering the security implications.
"The main message of our study is that users should not connect anything to USB if they can not fully trust it," the researchers concluded, and at iguru we fully embrace it.
The full investigation is not yet public, but will be presented under the title "USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs" next weekteam at the USENIX Security Symposium in Canada.