USB devices such as mice, keyboards and thumb-drives can be used to hack into personal computers Reuters reported citing a top computer researcher.
"You cannot tell where the virus came from. It is almost like a magic trick," said Nohl, whose research firm is known for uncovering major flaws in mobile phone technology.
According to Reuters, the finding shows that bugs in software used to run tiny electronics components that are invisible to the average computer user can be extremely dangerous when hackers figure out how to exploit them. Security researchers have increasingly turned their attention to uncovering such flaws.
Nohl said his firm has performed attacks, which he will describe at next week's Black Hat hacking conference in
Computers do not detect the infections when tainted devices are inserted into a PC because anti-virus programs are only designed to scan for software written onto memory and do not scan the "firmware" that controls the functioning of those devices, he said.
Nohl said he would not be surprised if intelligence agencies like the
Nohl said he believes hackers would have a "high chance" of corrupting other kinds of controller chips besides those made by Phison, because their manufacturers are not required to secure software. He said those chips, once infected, could be used to infect mice, keyboards and other devices that connect via USB.
"The sky is the limit. You can do anything at all," he said.
In his tests, Nohl said he was also able to gain remote access to a computer by having the USB instruct the computer to download a malicious program with instructions that the PC believed were coming from a keyboard. He said he was also able to change what are known as DNS network settings on a computer, essentially instructing the machine to route Internet traffic through malicious servers.
Once a computer is infected, it could be programmed to infect all USB devices that are subsequently attached to that PC, which would then corrupt machines that they contact.
"Now all of your USB devices are infected. It becomes self-propagating and extremely persistent," Nohl said. "You can never remove it."
Most Popular Stories
- Tablets, Cars Drive AT&T Gains
- 2015 Mazda MX-5 Miata Is Fast and Eager
- Small Businesses Add 3 More Worries to Their List
- DOMA Tech Adding Jobs to Process VA Claims
- Apple Warns of China iCloud Attack
- Tech Firms Flock to LA's 'Silicon Beach'
- Job Hunting Is Hard Work
- Stocks Subdued After Gains Earlier in Week
- Ford, GM Expect to Report Strong Profits
- Consumer Prices Edge Up, Surprising Economists