
FIX THOSE LEAKY PORTS

14-08-2017

Tests on USB connections have shown they are highly susceptible to information “leakage”, making them less secure than previously thought.

Researchers from the University of Adelaide in South Australia tested more than 50 different computers and external USB hubs and found that more than 90 per cent of them leaked information to an external USB device. The results will be presented in Canada at the USENIX Security Symposium in Vancouver next week.

Project leader Dr Yuval Yarom, Research Associate with the University of Adelaide’s School of Computer Science, said it had been thought that because USB-connected devices only sent information along a direct communication path to the computer, it was protected from potentially compromised devices.

He said USB-connected devices were the most common interface used globally to connect external devices to computers and included keyboards, cardswipers and fingerprint readers, which often sent sensitive information.

“But our research showed that if a malicious device or one that’s been tampered with is plugged into adjacent ports on the same external or internal USB hub, this sensitive information can be captured. That means keystrokes showing passwords or other private information can be easily stolen,” Dr Yarom said.

Dr Yarom said this “channel-to-channel crosstalk leakage” was analogous to water leaking from pipes.

“Electricity flows like water along pipes – and it can leak out,” he said. “In our project, we showed that voltage fluctuations of the USB port’s data lines could be monitored from the adjacent ports on the USB hub.”

The leak was discovered by University of Adelaide Computer Science student Yang Su in collaboration with Dr Daniel Genkin (University of Pennsylvania and University of Maryland) and Dr Damith Ranasinghe (Auto-ID Lab, University of Adelaide). The tests were conducted in late 2016 and early this year.

The team used a modified cheap novelty plug-in lamp with a USB connector to “read” every keystroke from the adjacent keyboard USB interface. The data was sent via Bluetooth to another computer.

Dr Yarom said other research had shown that 75 per cent of USB sticks dropped on the ground were picked up and plugged into a computer. But they could have been tampered with to send a message via Bluetooth or SMS to a computer anywhere in the world.

He said Bluetooth was a more secure way of transferring information.

“We wanted to understand better what things are secure, what things are not and what risks people might be facing,” said Dr Yarom, who will attend the symposium in Vancouver from August 16-18.

“The main take-home message is that people should not connect anything to USB unless they can fully trust it.

“For users it usually means not to connect to other people’s devices. For organisations that require more security, the whole supply chain should be validated to ensure that the devices are secure.”


Dr Yarom said the long-term solution was a redesign of USB connections to make them more secure.

“The USB has been designed under the assumption that everything connected is under the control of the user and that everything is trusted – but we know that’s not the case,” he said.

“The USB will never be secure unless the data is encrypted before it is sent.” 

South Australia’s capital Adelaide has three long-standing public universities, Flinders University, University of South Australia and the University of Adelaide, each of which is consistently rated highly in the international higher education rankings.
