In a recent research, it has been revealed that our computers can now be hacked even through the USB devices we use such as keyboards, mice, flash drives etc. These peripherals can be used to hack into our computers breaking through all safety precautions.
The chief scientist at Berlin‘s SR Labs, Karsten Nohl, said that malevolent software could be loaded onto small and cheap computer chips by hackers to fiddle around with the functions of USB devices that do not have integrated protection against meddling with their code.
“Karsten Nohl” belongs to a firm which is famous for disinterring serious defects in mobile phone technology. Nohl said that it is difficult to tell where the virus came from and it seems a lot like a magic trick.
Hack Computers Using USB Devices
Researchers found out that the software bugs that help operate small electronic parts are undetected by an ordinary user and can be of serious harm once hackers find out a way to misuse them. Now more attention is being given to finding ways to overcome these flaws.
Nohl’s firm has used malicious software that erases data, records keystrokes and keeps a track of the conversations. The firm did this by writing a malicious code onto chips that control the settings of smartphones and flashdrives.
Nohl said that, as anti-virus programs only scan the software that is present in the memory and not the firmware, so computers are unable to detect infected devices.
At the next week’s Black Hat hacking conference, Nohl and Jakob Lell who is a security researcher at SR Labs will tell about how they will go on with their attack method.
At the yearly conference, thousands of officials from security firms get together to learn more about new ways of hacking, also the ones that risk the security of computers used for commercial purposes. Nohl commented that, it wouldn’t come out as a surprise for him if the National Security Agency or any other security agency used this technique for hacking.
He put forward a research about methods on how to attack SIM cards at the Black Hat conference last year. A former NS contractor, Edward Snowden leaked documents which showed that NSA was using “Monkey Calendar” a technique similar to this and an NSA spokeswoman refused to comment on this.
This technique was tested by SR Labs. They wrote this malicious software onto controller chips made by Phison Electronics Corp, a Taiwanese manufacturer. They placed these infected chips in USB devices and smartphones that run on Android operating software.
An attorney of Phison, Alex Chiu sent an email to Reuters in which he told that in May, Nohl contacted them about his research.
He said that, Phison had no soiled proof regarding Nohl’s accusation so they could not comment on it as he did not provide a thorough analysis that supported his finding.
Chiu said that, it was not possible to rewrite the firmware without having the secret information of Phison. Nohl said that his firm hasn’t tested chips manufactured by Silicon Motion Technology Corp and Alcor Micro Chip which are of the same sort.
Google did not reply when it was requested to comment and the officials at Silicon Motion and Alcor Micro could not be contacted.
According to Nohl, it would be easier for hackers to infect other chips as compared to Phison because the manufacturers of other chips usually do not secure the software. He said once these chips are corrupted then they could further infect the connected devices.
Nohl was able to download a malicious program onto a computer by instructing the infected USB to do so and the computer believed the instructions were given by the keyboard. He also managed to change the DNS network settings of the computer and instructed it to connect to malicious servers.
All machines can be corrupted once the infected USB devices are connected to them.
Nohl said that now as all the USB devices are corrupted, it gets very difficult to remove it as it is very tenacious and it seems like you can never get rid of it.
A German professor, Christ of Paar reviewed the findings that a new research would make more people discover more bugs and he requested all manufacturers to make the protection of their chips better to avoid attacks.