Security News Beware of Fake USB Chargers that Wirelessly Record Everything You Type, FBI warns

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Last year, a white hat hacker developed a cheap Arduino-based device that looked and functioned just like a generic USB mobile charger, but covertly logged, decrypted and reported back all keystrokes from Microsoft wireless keyboards.

Dubbed KeySweeper, the device included a web-based tool for live keystroke monitoring and was capable of sending SMS alerts for typed keystrokes, usernames, or URLs, and work even after the nasty device is unplugged because of its built-in rechargeable battery.


Besides the proof-of-concept attack platform, security researcher Samy Kamkar, who created KeySweeper, also released instructions on how to build your own USB wall charger.

Now, it seems like hackers and criminal minds find this idea smart.

The FBI has issued a warning advisory for private industry partners to look out for highly stealthy keyloggers that quietly sniff passwords and other input data from wireless keyboards.

According to the advisory, blackhat hackers have developed their custom version of KeySweeper device, which "if placed strategically in an office or other location where individuals might use wireless devices", could allow criminals to steal:
  • Intellectual property
  • Trade secrets
  • Personally identifiable information
  • Passwords
  • Other sensitive information
Since KeySweeper looks almost identical to USB phone chargers that are ubiquitous in homes and offices, it lowers the chances of discovering the sniffing device by a target.



Read more: Beware of Fake USB Chargers that Wirelessly Record Everything You Type, FBI warns
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
The FBI is warning that stealthy keystroke loggers could disguise themselves as innocent USB drives or phone chargers—while in reality uploading all input typed into a keyboard by the user.



The Feds warned that since portable drives and the like are often modular and programmable, it’s fairly easy for a threat actor to simply swap out a part (an RF chip for a Wi-Fi sniffer, for example) or alter coding in order to make the gadget something capable of stealing data over the air.



"If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber-actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords or other sensitive information," FBI officials wrote in the advisory [PDF]. "Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen."



According to Lane Thames, security research and software development engineer for cybersecurity firm Tripwire, noted that such issues will become more common as the internet of things (IoT) era gets underway.



“Unfortunately, we don’t always know what a particular device is capable of doing,” he told Infosecurity. “In this regard, physical security will need to evolve. Organizations that work with sensitive information should consider implementing a physical security policy. This policy will need to consider how to both vet and monitor devices that enter proximities where sensitive information is interacted with.”Full Article. FBI Warns of Keyloggers Disguised as USBs
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top