When it comes to data protection, the University of Adelaide researchers have shown that USB connections and USB sticks are the weakest links in the chain. As the researchers say, external USB drives are prone to information leakage, which raises concerns around the security of the devices.
As the researchers have found out by testing 50 computers and external USBs, over 90 percent of the devices leaked information to another external drive, making this a pretty high percentage.
This project’s leader, Dr. Yuval Yarom, Research Associate with the University of Adelaide’s School of Computer Science released a press statement in which he said what is included under the term of USB-connected devices – card swipers, keyboards, fingerprint reader, which all more often than not send sensitive information straight to the computer.
He said that their research has shown that the sensitive information can be stolen in case of a malicious device or a device that’s been tampered with gets plugged into ports on the same internal or external USB hub. The sensitive information in jeopardy could be anything like keystrokes showing passwords or similar private information.
This type of data leaks has been compared to water leaking from pipes because as the computer scientists say, USB port’s data lines’ voltage fluctuations can be monitored from the adjacent ports on the USB hub.
The researchers used a modified affordable plug-in lamp alongside a USB connector that read every key stroke from the adjacent keyboard USB interface. The result was that the data from the Bluetooth connected keyboard got to another computer. Because of the popularity of these devices, the result of the research raises fear around the security of users’ data.
According to the researchers, users don’t really worry about the possible tampering of USB sticks and tend to plug them in their device without much thinking. Because of this, researchers warn that these USB sticks can be used to send a message via Bluetooth or SMS to a computer anywhere in the world.
Dr. Yarom said that what people should take out of the research conducted is to think a little more about what they’re connecting to USB. Connecting to other people’s devices is what it means for the most users. And for the companies, it means that the whole supply chain should be validated to ensure that the devices are secure.
He added that in the future maybe USB connections will have to be redesigned for raising security. Data should also be encrypted before it is sent via these devices.