• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 15th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Surveillance
Privacy

Crosstalk Flaw: Hackers can steal sensitive data with unsecure USBs

August 11th, 2017 Waqas Security, Hacking News, Privacy, Technology News 0 comments
Crosstalk Flaw: Hackers can steal sensitive data with unsecure USBs
Share on FacebookShare on Twitter

University of Adelaide School of Computer Science’ research team led by Dr. Yuval Yarom has identified that about 90% of external USB hubs and computer systems can leak information to external USB devices. This information exposure is attributed to electronic crosstalk, which the team referred to as “channel-to-channel crosstalk,” between the linked components.

Researchers tested 50 computers and external USBs, and it was learned that 90 percent of them leaked sensitive information such as keystrokes to another external USB drive. This percentage is relatively high. Research team stated that USB connections and USB sticks might just be the weakest link when it comes to data protection. They have regarded external USB drives as “vulnerable” devices that cause “information leakage.”

Related: 8 Technologies That Can Hack Into Your Offline Computer and Phone

The study has raised concerns over the reliability of external devices. According to Dr. Yarom USB-connected devices such as “keyboards, card swipers and fingerprint readers” usually send sensitive information to computers and their research verified the notion that if an infected or tampered device is plugged into adjacent ports of the same internal USB hub or external USB drive, then this would result in leakage of sensitive information. The information that can be exposed include keystrokes, which is rather alarming as it would give away passwords and private data to threat actors.

Crosstalk Flaw: Hackers can steal sensitive data using USBs

Image Credit: Yuval Yarom‏ – Twitter

Researchers have compared the data leak with water leakage from pipes and state that voltage fluctuations on data lines of the USB ports can be easily monitored from the adjacent ports.

“Electricity flows like water along pipes – and it can leak out. In our project, we showed that voltage fluctuations of the USB port’s data lines could be monitored from the adjacent ports on the USB hub.”

For their study, the research team utilized a modified, cheap “plug-in lamp with a USB connector” to monitoring every single key stroke from the “adjacent keyboard USB interface.”

[fullsquaread][/fullsquaread]

They identified that data from the keyboard, which was connected via Bluetooth, was sent to another computer. They added that since these devices are so commonly used and users never give attention to the possibility of USB sticks being tampered might lead to exposing their private data to any computer around the globe through SMS or Bluetooth.

Crosstalk Flaw: Hackers can steal sensitive data using USBs

Image Credit: Yuval Yarom‏ – Twitter

Dr. Yarom stated that it is important to redesign USB connections to ensure optimal security and data must also be encrypted before being sent to another device through USBs. He also suggested that users must take notice of their research and use such devices carefully.

“The main take-home message is that people should not connect anything to USB unless they can fully trust it. For users, it usually means not to connect to other people devices. For organizations that require more security, the whole supply chain should be validated to ensure that the devices are secure.”

Related: Charging Smartphone in Public Ports Leads to Data Hack — So Let’s Stop

A student at the University of Adelaide Yang Su, University of Maryland and University of Pennsylvania’s Dr. Daniel Genkin and Dr. Damith Ranasinghe from the University of Adelaide were other participants of the research. The team will be unfolding their findings at the USENIX Security Symposium being held in Vancouver, Canada from 16 to 18 August 2017.

  • Tags
  • Bluetooth
  • hacking
  • internet
  • LEAKS
  • Privacy
  • security
  • Technology
  • USB
Facebook Twitter LinkedIn Pinterest
Previous article WikiLeaks: CIA' CouchPotato Tool Remotely Collects Video Streams
Next article Facebook password stealer; hacking the attacker rather than victim 
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Unpatched MS Exchange servers hit by cryptojacking malware

Unpatched MS Exchange servers hit by cryptojacking malware

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

FBI accessing computers across US to remove malicious web shells

FBI accessing computers across US to remove malicious web shells

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Unpatched MS Exchange servers hit by cryptojacking malware
Security

Unpatched MS Exchange servers hit by cryptojacking malware

Indian supply-chain giant Bizongo exposed 643GB of sensitive data
Leaks

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

FBI accessing computers across US to remove malicious web shells
Security

FBI accessing computers across US to remove malicious web shells

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us