The most used external devices to computers are the USB connections. They make the use and transfer of data easy but the other side is that the data has the threat of leakage because due to the use of USB connections the data become insecure also. And this fact about USB connections is shown by the Australian research also.
University of Adelaide researchers tested and verified more than 5o different computers and external USB hubs and found that over 90% of them disclosed information to an external USB device. The results are being vacant at the USENIX Security Symposium in Vancouver, Canada next week.
The project leader Dr. Yuval Yarom, Research Associate with the University of Adelaide’s School of Computer Science said: “USB-connected devices include keyboards, card swipers, and fingerprint research which often send sensitive information to the computer. It has been thought that because that information is only sent along the direct communication path to the computer, it is protected from potentially compromised devices.”
He further added, “But our research showed that if a malicious device or one that’s been tampered with is plugged into adjacent ports on the same external or internal USB hub, this sensitive information can be captured. That means keystrokes showing passwords or other private information can be easily stolen.”
Dr. Yarom says this “channel-to-channel crosstalk leakage” is same as the water leaking from pipes. “Electricity flows like water along pipes and it can leak out”.
He says, “In our project, we showed that voltage fluctuations of the USB port’s data lines can be monitored from the adjacent ports on the USB hub.”
He also gives information that the other research has shown that if the USB stick fall on the ground, 75% of them are picked up and plugged into a computer. But they have been interfered with to send a message via Bluetooth or SMS to a computer anywhere in the world.
Dr. Yarom gives suggestion to this problem of data leakage due to USB connections that it should be designed again to make them more reliable and secure.
He said: “The USB has been designed under the assumption that everything connected is under the control of the user and that everything is trusted but we know that’s not the case. The USB will never be secure unless the data is encrypted before it is sent.”