Oh, cute little helpful USB Cable, how I one day may loathe you. I just think I’m innocently plugging you into my computer, perhaps to charge although you take infinitely longer than a wall charger, or maybe I’m moving some pictures or files. Then without warning, an attacker is actually operating my computer, my personal identity is stolen, and I’m bankrupt.
(image via CNET)
I’m being over-the-top of course, but the fact that researchers from George Mason University have found a way to alter Android’s USB Driver properties to launch an attack and take over a computer almost completely undetected seem like a rather scary possibility. The same could be done for iPhone and the threat has worked on Windows, Mac and Linux alike.
Two facts I found extremely interesting from the CNET article include the inherent stealth of the exploit:
Antivirus software wouldn’t necessarily stop this because it can’t tell that the activities of the exploit are not controlled or sanctioned by the user, Stavrou said. “It’s hard to separate good behavior from bad behavior when it comes from the keyboard,” he said.
And its ability to spread:
“Say your computer at home is compromised and you compromise your Android phone by connecting them,” he said. “Then, whenever you connect the smartphone to another laptop or computing device I can take over that computer also, and then compromise other computers off that Android. It’s a viral type of compromise using the USB cable.”
You shouldn’t worry about plugging your phone into your computer after reading this article, but the fact remains, you should always be cautious of what you’re downloading and from where you’re downloading. In this case, we’re lucky the good guys are finding out the cool exploits, but trust me when I say that there are probably more doing the same type of research who aren’t on the side of good. And I know there are plenty of rooting aficionados out there downloading and booting ROMs with altered drivers!