Crosstalk Leakage Attacks – Experts demonstrated that USB gadgets can secretly spy on data flowing in and out of devices plugged into adjacent USB ports.
A group of Australian researchers has demonstrated that USB gadgets can secretly spy on data flowing in and out of devices plugged into adjacent USB ports.
The spy gadget can intercept electrical signals leaking from adjacent ports that expose sensitive data to the attackers, a phenomenon technically defined as “channel-to-channel crosstalk leakage.”
“Electricity flows like water along pipes – and it can leak out,” explained Dr. Yuval Yarom, who leads the project. “In our project, we showed that voltage fluctuations of the USB port’s data lines can be monitored from the adjacent ports on the USB hub.”
“But our research showed that if a malicious device or one that’s been tampered with is plugged into adjacent ports on the same external or internal USB hub, this sensitive information can be captured. That means keystrokes showing passwords or other private information can be easily stolen.”
In an attack scenario, a malicious USB device is inserted into an adjacent port allowing the attacker to monitor data flows, collect data and send it back the attacker’s server. Anything that passes in an unencrypted form through adjacent USB ports can be collected.
Potentially, the Crosstalk leakage can expose any data that is managed in an unencrypted form through nearby USB ports.
For the experiment, researchers used a modified off-the-shelve plug-in USB desk lamp, it was used to log every key stroke from an adjacent USB keyboard and send the data to another computer via Bluetooth.
A software running on the computer was used to decode the key presses capture the sensitive data that was being typed.
“The USB has been designed under the assumption that everything connected is under the control of the user and that everything is trusted – but we know that’s not the case. The USB will never be secure unless the data is encrypted before it is sent,” Yarom said.
“The main take-home message is that people should not connect anything to USB unless they can fully trust it. For users it usually means not to connect to other people’s devices. For organizations that require more security, the whole supply chain should be validated to ensure that the devices are secure.”
The researchers discovered that over 90 per cent of the 50 or so USB devices tested is vulnerable to channel-to-channel crosstalk leakage attack.
“The main take-home message is that people should not connect anything to USB unless they can fully trust it,” researchers concluded.
The researchers will present their study, entitled “USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs,” next week at the USENIX security conference in Vancouver, Canada,