USB drives and phone chargers are expensive. Hackers know that. One way hackers are gaining access to computers to steal data is by planting USB drives and phone chargers in public areas, hoping someone will pick one up and take it to work or home. I find that people are unaware of this tactic, so the tip today is to beware of random USB drives and phone chargers and walk away if you find one.
How does it work? Portable drives are “modular and programmable,” so attackers can swap parts or alter the code in a USB drive or phone charger, replacing it with code that changes the device's functionality and turns it into a password sniffer or keystroke logger that can infect a computer and steal information.
Last year, a white hat hacker developed a device, dubbed “KeySweeper,” that looked like a generic USB mobile charger but was able to log, decrypt and track all keystrokes from a Microsoft wireless keyboard and transmit the information over cellular networks. Microsoft has stated that Bluetooth-enabled keyboards are protected against KeySweeper.
Black hats have developed their own malicious sweeping devices, and people and businesses are becoming victims. It has become such a problem that the FBI recently issued a private industry warning to be aware of and look out for highly stealthy keyloggers that sniff passwords and other input data from wireless keyboards. According to the FBI, “if placed strategically in an office or other location where individuals might use wireless devices,” the hackers could steal intellectual property, trade secrets, passwords and personally identifiable information.
The FBI further stated that “[t]he primary method of defense is for corporations to restrict the use of wireless keyboards. Since the KeySweeper requires over-the-air-transmission, a wired keyboard will be safe from this type of attack.”
According to Microsoft, to combat this threat, use a Bluetooth-enabled keyboard or one that has been manufactured after 2011 that uses Advanced Encryption Standard (AES) encryption technology.
And when you see a stray USB drive or charger hanging around, don’t be tempted. Walk away from it.