USB Crosstalk: The Unknown Flash Drive You Connected Could Leak Personal Data
Data storage is transformed from the old floppy disk age when the data in kilobytes was stored. With the change in time, soon compact discs, external drives, and USB sticks became the norm for data storage. Now we see people carrying tiny flash devices that can hold gigabytes of storage. However, with great convenience come great risks. These external devices are highly susceptible to virus and malware which could infect other systems when connected. To prevent the USB devices from affecting the computers, there are several antivirus and anti-malware that can scan those thumb drives and hard drives to eliminate any threats posed.
Bigger risk than virus
The USB drives not only carry the virus but are capable of doing bigger harm. It appears like a pretty straight forward operation: plug in the drive into USB and transfer the files. However, there’s a deeper operation that undergoes. Recently, researchers at the University of Adelaide’s School of Computer Science have discovered that USB has the capability of performing crosstalk attacks. If the signal is clear enough, someone could eavesdrop on that crosstalk from a USB port that's next to the one you're using. The University's Dr. Yuval Yarom stated that "if a malicious device or one that's been tampered with is plugged into adjacent ports on the same external or internal USB hub, this sensitive information can be captured."
Electric signals steal data
Even the tech savvy individuals may not easily spot the USB crosstalk attacks: it’s that complicated. An innocent looking mouse, keyboard, webcam, or printer could all be modified to stealthily steal data from the neighboring ports. Alarmingly, 90% of the devices tested by the research team leaked data. The common misconception is that USB port has limited permissions and everything is under the user’s control. Just like water leaks from pipes, so do electric signals from USB ports, indirectly exposing sensitive data to a knowledgeable attacker. The testing displayed that voltage functions of the USB port’s data lines can be monitored from the adjacent ports on the USB hub.
The main message to take home is that users should not be curious about plugging in random USB sticks to their computer. Attackers may especially trick their targets into picking up the malicious USB sticks and connecting them to their computers. Therefore, an unknown USB drive on your desk--is a strict no.