Monday, July 5, 2010

Hardware trojans another way to steal data

Ever wondered if your mouse keyboard or other USB peripherals could transmit sensitive data. Yes this is possible with what is called "Hardware Trojan". Hardware Trojans are compromised hardware devices which can send data to a remote thief. Until now Hardware Trojan was considered as modified electronic circuitry like if it has been fabricated in the factory to do so but, a recent finding by engineers at the Royal Military College of Canada in Kingston, Ontario suggests that a flaw in the USB could be used to sack into data from the hard disk.

The USB's plug and play functionality allows any device being plugged in to report its identity correctly. If the swapped device belongs to the same manufacturer and model the computer will not even notice a change in the device. Any USB device like a keyboard or a mouses could be swapped to a hacked one without  the user knowing it. The engineers at Royal Military college successful designed a USB keyboard that successfully transmitted  binary data from the Hard Drive via led flashing which could be encoded using Morse Code and by encoding data as a subtle warbling output from the sound card.

This is serious threat to government agencies and private corporations which have a lot of sensitive data. There might be hacked devices already sending data from these institutions and detection is not so easy. The limitation of this hack is that the data thief  should have physical access, so normal individual is kind of secure. This kind of hack is only possible were a lot of people work and people don't have any idea if  someone among them is involved in spying or treachery.

Here's a video which will help you understand better.

Demonstration of Hardware Trojans from Ryan Hoover on Vimeo.

No comments: