Just when you thought that innocent-looking USB coffee-cup warmer does not do much except for keeping your cuppa Joe hot enough, then think again. A recent research shows that even the simplest of USB-connected devices, from mice to printers to keyboards, can be turned into tools for data theft. This startling discovery was uncovered by a group of engineers at the Royal Military College of Canada.
The method used is called “hardware trojan,” which is traditionally done by managing to get hold of a microchip when it is still in the factory and tweak some changes in it before getting built to a gadget. Once the hacked device is used, it gathers private data from passwords, keylogs, and even credit card numbers.
In this case, hardware trojan can be carried out by exploiting the loophole in USB’s plug-and-play functionality. Since the USB protocol trusts any device being plugged in to, if the port is plugged with a hacked device that carries the same identity as the legal one, the computer will not realize the difference. This also opens a loophole among security software that only check USB memory sticks for signs of malware and not on other USB devices.
