Plugging an unknown USB drive into your system could have disastrous consequences, that’s a well known fact. While USB drives are quite handy when you can to quickly transfer files between systems or keep important files with you on the go, they’re known to harbor malware which could compromise the security of your devices. USB drives can be loaded with anything from Trojans to ransomware which could wreak havoc unless you have an updated anti-virus.
However, new types of malware keep popping up ever so often and even the best anti-virus software sometimes have a hard time detecting them. Now, researchers from Ben-Gurion University in Israel have discovered 29 types of USB attacks that even have the potential to compromise your smartphone. Ran Yahalom, one of the researchers on the project, told TechRepublic:
“There are many non-trivial USB-based attacks. Some are carried out by the host, the computer connecting the USB peripheral. The most common ones are infected, or malicious. Once connected, they have access and take control of your computer.
Microcontrollers are another attack category. Microcontrollers can impersonate a USB peripheral. For example, you can program a TNC microcontroller or an Adreno to act like a keyboard or a mouse. Once you program a keyboard and connect, it actually starts injecting key presses. It’s actually like having someone working on your computer.”
Yahalom goes on to explain a number of other different types of USB-based attacks. For example, he talks about an attack which makes use of an off-the-shelf USB drive with reprogrammed firmware that can be remotely controlled. Other types of attacks include electrical attacks, which make use of electrical components disguised as a USB drive which have the capability of pushing a power surge through the system and frying the computer.
It’s not just computers that are vulnerable to such USB attacks. As Yahalom explains, even smartphones are susceptible to microcontrollers disguised as chargers which can be used to lock the device unless a ransom is paid. As a proof of concept, Yahalom developed a microcontroller which looked like a normal mobile charger and used it to successfully lock a device.
To prevent such devices from affecting your computer or smartphone, Yahalom suggests:
“Treat technology as something you don’t naturally trust. As users, we ahave a tendency to trust technology, to trust peripherals, i.e., you trust your flash drive, you trust your keyboard, but you trust it because you’re not aware. Treat it as a syringe: You wouldn’t find a syringe in the parking, pick it up, and inject it to yourself. Because you’re aware you could be infected. You have no knowledge of what could happen, but are afraid because it could be dangerous. This is exactly the same thing.”