Phone Disguised as Keyboard Can Hack Computer
You know it's a phone, but does your computer know that?
We plug a lot of things into our computers without thinking about it. That’s one of the wonders of USB, which has made it exceptionally easy to connect all sorts of different peripherals to our computers while using one standard plug.
Of course, this kind of ubiquity along with our carefree spirits presents a massive security hole. Computer security researchers have demonstrated how computers can be fooled through the USB port.
A team at the George Mason University used an Android-based Nexus One to fool a laptop that it was a keyboard. Through that, it can issue commands to the computer to steal files and download malware.
This exploit is possible because the USB protocol allows for a connection without authentication. Part of the problem is that operating systems do no prompt the user whether he or she wishes to really connect the peripheral to USB.
In Windows, a little pop up appears briefly informing the user that it's detected a new device. On a Mac, a command can get rid of that notification, and there's no notification at all on Linux.
The malware can be transferred from USB to USB, meaning that a phone could transfer it to a computer, which could then transfer it to another phone when it's connected via USB.
Of course, like the case of staying safe in the real world, just be careful where you choose to plug your ports (or what you allow to be plugged into your ports).
Read more at Cnet.
0 comments:
Post a Comment