Categories: News

USB Connections Vulnerable to Data Leakage

It seems USB is not as secure as previously thought. New research shows that USB connections are vulnerable to data leakage. The study, run by University of Adelaide researchers, demonstrated over 90% of 50 tested external USB devices are at risk. The researchers collected this leaked data remotely. In other words, they did not intercept data directly from the USB connection. Instead, they gathered information through a modified USB lamp placed adjacent to the target device. Furthermore, the snooping device transmitted the stolen data to another computer.

USB Data Leakage

Dr Yuval Yarom, a Research Associate with the University of Adelaide’s School of Computer Science, compares the process to leaking water pipes. Data becomes vulnerable to “channel-to-channel crosstalk leakage.” He explains:

“Electricity flows like water along pipes – and it can leak out.”

Yarom led the research in collaboration with student Yang Su, Dr. Daniel Genkin from the University of Pennsylvania, and University of Maryland, and Dr. Damith Ranasinghe of University of Adelaide’s Auto-ID Lab. The team measured voltage fluctuations from USB port data lines through an adjacent port in a USB hub. The adjacent USB lamp read keystrokes through the leaky connection. Finally, the snooping device transferred the data to another computer via Bluetooth.

USB Not as Safe as Previously Thought

Until now, researchers USB connections considered safe from such leakage. However, these tests demonstrate a worrying vulnerability with USB connections. Dr Yarom explains:

“USB-connected devices include keyboards, cardswipers and fingerprint readers which often send sensitive information to the computer.

It has been thought that because that information is only sent along the direct communication path to the computer, it is protected from potentially compromised devices.

But our research showed that if a malicious device or one that’s been tampered with is plugged into adjacent ports on the same external or internal USB hub, this sensitive information can be captured. That means keystrokes showing passwords or other private information can be easily stolen.”

USB Security Needs Fixing

The results prove that USB requires new security standards, Dr Yarom asserts:

“The main take-home message is that people should not connect anything to USB unless they can fully trust it. For users it usually means not to connect to other people’s devices.”

The team from the University of Adelaide will present the results at this year’s USENIX security symposium in Canada.

Ashley Allen

Disqus Comments Loading...

Recent Posts

Corsair Confirms AIO Kits For Intel Alder Lake-S LGA1700

Corsair has announced the availability of additional mounts for owners of its range of all-in-one…

2 days ago

EKWB Launches EK-PRO Waterblocks for Nvidia A6000 & A100

EK Water Blocks (EKWB) is now offering an enterprise-grade GPU water block for NVIDIA GeForce…

2 days ago

Fan Project Reveals Work on a ‘Classic’ Remake of Resident Evil 3

While the (relatively) recent Resident Evil 3 remake was widely praised by many, it wasn't…

2 days ago

GeIL Announce Availability of POLARIS RGB DDR5 Gaming Memory Kits

GeIL has announced the launch of their latest Polaris RGB DDR5 Memory providing high-speed modules…

2 days ago

Fresh Details Emerge on Nvidia 3050/Ti Graphics Cards

It has been around 5 months now since Nvidia officially announced the launch of its…

3 days ago

Revised Nvidia 3080 Might Be Going Back to an Original Spec

It's been around a year now since Nvidia released its GeForce RTX 3080 graphics card.…

3 days ago