USB (Universal Serial Bus) is a standard method for connecting devices and data transfer.
It is a well known fact that sometimes USB devices infect your computer with deadly viruses. Good thing is that now most people know about it, and use an anti-virus software to detect the malware and viruses hidden inside a USB along with data.
But what if the malware is embedded inside the firmware of USB? obviously no antivirus program has the ability to scan the “chip” of a USB drive. So it means that a manipulated USB can infect your computer, without your knowledge; making it a greater security risk than previously believed.
At the Black Hat Hackers conference in Las Vegas, researchers from the Berlin data security company “Security Research Labs” have demonstrated that how easy it is to remotely control a computer with the help of a USB device, and the horror scenario is that the user will never know about this.
The malware is hidden inside the firmware of device. The firmware contains the information about the function of a USB. It tells the computer that if the USB plugged in by the user is a storage device, keyboard, camera, network card or a mobile phone etc.
So if the firmware of a USB has been manipulated it can fool the computer system to think of itself as a keyboard and log all the keystrokes, including your passwords and personal information. In another scenario, it can disguise itself as a network card and copy all your data traffic and send it to hackers without your notice.
Both of these scenarios were demoed at the Black Hat Hackers conference and there is a significant number of manipulation options which makes things so horrible.
The security experts have demanded to upgrade the USB standard with additional capabilities for security. Unfortunately, at present there is no way to protect yourself against this kind of data theft, other than stop using all kind of USB devices.