The software responsible for administering this popular type of connection used by mobile phones, memory sticks and peripherals can be modified to electronic surveillance and remote control of equipment, according to a report from German specialists.
The USB devices can operate as the spearhead of a potential hacker attack on personal computers, either through a keyboard, a memory key or other accessories that use this type of connection, according to a report published by the Computer Security firm SR Labs Berlin, Germany.
Under this scheme, an attacker could modify the software used to control the functions of a USB device, and thus take control of a computer. Karsten Nohl, head of the research team at SR Labs, said to reproduce this type of computer attack by modifying the lines of code that controls the operation of a USB connector of mobile phones and memory sticks.
Thus, using software created for this purpose, this method allowed recording the activity of a keyboard to eavesdrop on communications that are made from the personal computer, among many other actions.
According to the report of SR Labs, the antivirus are designed to analyze any program that was loaded into memory, but do not verify the integrity of firmware, the software entrusted to administer any electronic device, and that is usually programmed of factory.
What SR Labs is able to demonstrate that any computer specialists with the necessary knowledge can develop the tools necessary to emulate the default setting that has the firmware to prepare electronic and, through this connector USB device or any accessory, access and control without consent to a personal computer.