A test of more than 50 different computers linked with USB hubs, the most common medium to connect external devices to computers, revealed that more than 90 percent of the computers leaked information to the USB device, according to a recent study conducted by researchers from the University of Adelaide.
USB connections include some of the most commonly-used devices for computers, including keyboards, mouses, printers and fingerprint readers.
The leak was originally discovered when a University of Adelaide student, in conjunction with researchers from the University of Pennsylvania and the University of Maryland, used a store-bought lamp with a USB connector to record each keystroke from the adjacent keyboard USB interface. From there, the data was sent via a Bluetooth connection to another computer.
“It has been thought that because that information is only sent along the direct communication path to the computer, it is protected from potentially compromised devices,” Yuval Yarom, a research associate with the University of Adelaide, said.
He continued, stating that their research showed that if a malicious device or one that has been tampered with was plugged into adjacent ports on the same external or inter USB hub, the sensitive information could be captured, including keystrokes showing passwords or private information.
According to Yarom, if USB sticks are dropped on the ground, 75 percent of them are picked up and plugged into a computer. But, he said, they could have been tampered with to send a message via SMS, a common text messaging medium, to a computer anywhere in the world.
One long term solution proposed by Yarom would be to redesign USB connections to make them more secure.
“The USB will never be secure unless the data is encrypted before it is sent,” Yarom said.