London, July 3 (ANI): A USB coffee cup warmer could be a potential thief and steal personal data from your computer, say engineers.
A glitch in how the Universal Serial Bus (USB) works, could make many of the devices attached to your computer, like mouse, keyboard and even the printer, vulnerable to what is called the "hardware trojan".
Until now, hardware trojans were considered to be modified circuits. For example, if hackers manage to get hold of a microchip when it is still in the factory, they could introduce subtle changes allowing them to crash the device that the chip gets built into.
Computer engineers John Clark, Sylvain Leblanc and Scott Knight at the Royal Military College of Canada in Kingston, Ontario, wondered if a hardware trojan attack could be carried out by other means.
They calculated that the easiest way to introduce a hardware trojan might be via a computer's USB ports.
The trio found they could exploit a weakness in USB's plug-and-play functionality.
The USB protocol trusts any device being plugged in to report its identity correctly.
But, for example, if one finds out the make and model of a target user's keyboard, and swap it with a compromised device that reports the same information - even if it is not a keyboard, the computer won't realise.
The team designed a USB keyboard containing a circuit that successfully stole data from the hard drive and transmitted it in two ways- by flashing an LED, Morse-code style, and by encoding data as a subtle warbling output from the sound card.
They could have chosen more efficient methods to transmit the data, such as email, but Leblanc said that their main goal was to see if they could steal data without anyone noticing.
"We've shown any USB device could contain a hardware trojan," New Scientist quoted him as saying.
Security software, if it checks USB devices at all, tends to look only for malware on USB memory sticks.
"This work opens many cans of worms. A USB device cannot now be trusted - it may have hidden processing capabilities," said Vasilios Katos, a computer scientist at the Democritus University of Thrace in Greece.
Leblanc agreed with him, saying: "You could mount a hardware trojan attack with a USB coffee-cup warmer."
The study has been published in Future Generation Computer Systems. (ANI)