Set a smartphone to hack a PC
Thursday, 20 January 2011

Connect a smartphone to your PC and you might be giving it the power to do anything you could do - and its just a matter of creating a USB driver.

 

Banner

 

You have to admire this idea even though after you know about it you also have to admit that is seems fairly obvious. It's a sort of "why didn't I think of that".

The idea presented by a pair of researchers at the Black Hat DC conference is that you take a smart phone - an Android as it happens but it could be any - and you write a driver to make the USB connection look like a keyboard or a mouse. It's not a completely new idea and has been applied to other devices and other interfaces before.

When the unsuspecting user plugs the phone in to sync it with a PC the mobile phone takes control and does what it likes - well as much as the user typing on the keyboard could do. Clearly the PC can't tell the difference between the fake keyboard and a real one so it can't prevent the attack.

 

nexusS

 

It is also fairly easy to see how to build an eco-system of malware based on the idea. The phone first gets infected with the driver then it infects the PC which in turn spreads and infects other phones. It could be a lot of trouble if it was to be implemented for real and we probably should be thinking of ways of short circuiting the attack. It certainly highlights the insecurity of the USB connection. Users regard the physical nature of the connection to restrict the threat but clearly this isn't the case.

More Information

http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou

 

Banner


AI Breakthrough For Robot Surgery
17/11/2024

Using imitation learning, a robot has learned to perform surgical procedures as skillfully as human surgeons, bringing the field of robotic surgery closer to true autonomy.



Kotlin Ktor Improves Client-Server Support
04/11/2024

Kotlin Ktor 3 is now available with better performance and improvements including support for server-sent events and CSRF (Cross-Site Request Forgery) protection.


More News

Last Updated ( Thursday, 20 January 2011 )