Filed under: Internet, SecurityUsing a well-documented and easily-replicated flaw in the USB specification, a bunch of plucky Canadians have managed to turn innocuous peripherals like keyboards into a hardware trojan horse.
The team produced a modified keyboard that was capable of transmitting data in Morse code, using an LED — but that was just a proof of concept! There's nothing to prevent a keyboard from sending data over the Internet via email, FTP, or indeed any other transmission method.
This clever exploit relies on a weakness in the USB plug-and-play specification: it is the device's responsibility to identify itself. If a keyboard says it's a keyboard, the computer believes it; a keyboard could identify itself as a camera and the computer would not be any the wiser. To turn a keyboard into a hardware Trojan, the team modified the hardware but ensured that it still reported the same identity when plugged into the computer.
Using this exploit, a real-world sneak-thief could easily switch keyboards in an office workplace with identical-looking Trojan-enhanced replacements.
But why stop at keyboards? You could make Trojan mice, microphones, printers, or even coffee cup warmers. You can be certain that a peripheral manufacturer will accidentally ship a device with a hardware trojan, too — just give it a few months!
The virus scanners of tomorrow are going to have to get a lot smarter, that's for sure.
tweetmeme_url = 'http://www.downloadsquad.com/2010/07/02/usb-keyboard-peripheral-could-be-harboring-a-trojan-virus'; tweetmeme_source='DownloadSquad'; tweetmeme_style = 'compact'; Share Your USB keyboard (or coffee cup warmer) could be harboring a Trojan keylogger… or worse!
Fuente: Download Squad