The USB ports on your computer are dangerous!
Did you know that?
Maybe not – but let’s go through the potential threats in depth.
USB ports have been around for a long time – and just about every computer has them.
They can be used for a variety of devices – thumb drives or flash drives, keyboards, mice, web cams, and much, much more.
The USB (or Universal Serial Bus) port was a big hit when first introduced.
There are a few reasons for that.
The USB port is very versatile.
It can provide power to devices – which is great for flash drives and small portable hard drives – or even a mini fan!
They can transfer data signals.
And they are part of a “bus” – which means they can pass on data from another USB device.
USB is very friendly to computer users – but the original designers did not foresee how these devices might be abused by hackers and cyber criminals.
USB – Power Surge
The ability of a USB port to power small devices is very handy.
Unfortunately many device manufacturers do not adequately protect the USB data and power lines from a power surge.
That’s right – your laptop or computer might be highly vulnerable to a power surge over any USB port.
This wouldn’t be a big deal – after all – what are the chances of this happening?
Unfortunately, there is a small, portable device that has been designed for this very reason.
It is called the USB Killer V3.
Billed as a testing tool (an Electrostatic Discharge, or ESD, testing device) for power surge protection, it can easily be used by anyone to destroy computer equipment.
The attacker can simply plug this device into any open USB port (they don’t need to log in to the computer, but the computer does need to be turned on).
The USB Killer V3 uses a capacitor inside that stores energy from the USB power lines – and when the energy level has built up enough – it can ZAP the circuit boards and permanently ruin them.
The manufacturer claims that 95% of all consumer devices are vulnerable to the USB Killer.
How can you protect yourself against this menace?
It’s not practical to retrofit surge protection onto the USB ports of a laptop computer.
But, you can control physical access to your hardware – and ensure you have up to date, full backups at all times.
That way, if your computer does get ZAPPED – you still have the critical data that is on it.
(They also sell a USB Killer Shield – but that is more for exploratory work and would easily be removed by any attacker with physical access to your device.)
Keyboard Logging Devices
One of the most effective computer compromise techniques is key logging.
This is where a software program or hardware device is used to capture the raw keystrokes from the keyboard.
User names, passwords, social security numbers, and all sorts of information can be gathered.
And this method completely bypasses any encryption protection. If you are entering your bank account info into an SSL protected web site – it doesn’t matter!
The keystrokes from the keyboard are being intercepted and captured before any encryption is even taking place!
Key loggers as part of computer viruses and other malware have been around for a long time.
But did you know there is a simple USB device you can plug into a computer to get a physical hardware key logger?
It’s called the KeyGrabber USB.
It’s a simple, tiny USB device.
An attacker would plug this into any USB port on the target computer – then plug the USB keyboard into the key logger.
Most computer users would not notice the small profile of the extra USB device – especially if the keyboard plugs into the back of the computer under the desk!
Take a look – here it is. Would you notice that plugged into your computer?
The device can then log and store all the keystrokes of every computer user. No computer login needed!
Of course, to make this attack practical the attacker needs physical access to the target computer – to place the device and to retrieve it later.
But – there’s also an advanced version that can relay the keystrokes via WiFi in real time – this is another serious security gap.
How can you defend yourself against this threat?
- Maintain careful control of who has physical access to your computer
- Inspect your computer regularly for “mystery” hardware
- Be very careful about where you enter your very confidential data – like bank account routing numbers. I would NOT enter that sort of info on any “unknown” computer – EVER.
- Use 2FA (Two Factor Authentication) to ensure that usernames and passwords by themselves are not adequate to gain access to your most important accounts.
- Use a device like a laptop, notebook, or tablet that doesn’t have an external keyboard. Just remember that software keyloggers are also a threat!
USB Data Lines Can Be Dangerous
How many times have you done this?
Someone needs to charge their phone – or other device.
You plug it into one of the USB ports on your computer – and you expect the device is simply charging.
Remember that USB has data lines and power lines – and any device plugged in could be using BOTH.
The data lines are not needed for re-charging a device.
When you connect a device via USB to your computer, the device can potentially attempt to run things over the USB connection, or carry out other unwanted activity.
Malware that spreads via USB devices is one of the top techniques hackers use to compromise computers – even so-called “air gapped” computers that aren’t connected to the Internet.
The best practice in security would be to only re-charge unknown devices with a wall plug and USB cable – DO NOT plug them into your computer.
But, if that isn’t an option – you can use something called a USB Data Blocker.
A device like the can help protect your computer.
It blocks the data lines of the USB connection – but ensures the charging and power lines work as intended with no degradation.
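To see whether a plugged-in device is using the data lines at all, you can ask the operating system which USB interfaces it has enumerated. The following is an added example, not part of the original article: it assumes a Linux machine with the standard sysfs layout under /sys/bus/usb/devices, the allowlist IDs are constructed placeholders, and it only sees devices that actually enumerate on the bus.

```python
import os

# USB interface class codes that carry data a "charge-only" device
# has no reason to expose.
RISKY_CLASSES = {0x02: "communications", 0x03: "HID (keyboard/mouse)",
                 0x08: "mass storage", 0xE0: "wireless controller"}

def _read(path):
    """Return the stripped contents of a sysfs attribute, or '' if absent."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return ""

def list_usb_devices(root="/sys/bus/usb/devices"):
    """Return one dict per enumerated USB device, with its interface classes."""
    entries = sorted(os.listdir(root)) if os.path.isdir(root) else []
    devices = {}
    for name in entries:
        vid = _read(os.path.join(root, name, "idVendor"))
        if ":" not in name and vid:          # device entry, e.g. "1-2"
            pid = _read(os.path.join(root, name, "idProduct"))
            devices[name] = {"port": name, "id": f"{vid}:{pid}",
                             "classes": set()}
    for name in entries:
        dev, sep, _ = name.partition(":")    # "1-2:1.0" belongs to "1-2"
        cls = _read(os.path.join(root, name, "bInterfaceClass"))
        if sep and dev in devices and cls:
            devices[dev]["classes"].add(int(cls, 16))
    return list(devices.values())

def audit(devices, allowlist):
    """Flag devices that are not allowlisted and expose a data-carrying class."""
    findings = []
    for d in devices:
        risky = sorted(c for c in d["classes"] if c in RISKY_CLASSES)
        if d["id"] not in allowlist and risky:
            findings.append((d["port"], d["id"],
                             [RISKY_CLASSES[c] for c in risky]))
    return findings

if __name__ == "__main__":
    # Constructed allowlist: replace with the vendor:product IDs you expect.
    KNOWN = {"1234:abcd"}
    for port, dev_id, kinds in audit(list_usb_devices(), KNOWN):
        print(f"UNEXPECTED {dev_id} on {port}: {', '.join(kinds)}")
```

A device connected through a data blocker, or one that only draws power, produces no entry at all, so an unexpected keyboard or storage interface appearing while something is "just charging" is the signal to look for.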
USB Is Dangerous – In Summary
USB is super-handy for computer users.
But it also represents a serious cyber-security risk. It can be used by an attacker to collect information – or to destroy your equipment.
Be aware of what the threats are – and you are in a better position to be able to mitigate the risks.