Just like water leaks from pipes, so do electric signals from USB ports, indirectly exposing sensitive data to a knowledgeable attacker, according to new research from scientists at the University of Adelaide in Australia.
The phenomenon is known as "channel-to-channel crosstalk leakage" and affects USB-based devices plugged into adjacent ports.
"Electricity flows like water along pipes – and it can leak out," said project leader Dr. Yuval Yarom. "In our project, we showed that voltage fluctuations of the USB port’s data lines can be monitored from the adjacent ports on the USB hub."
Electric signals leak data to adjacent USB ports
This scenario implies the presence of a malicious USB device inserted in a nearby port that the attacker can use to monitor data flows in adjacent ports.
Researchers say that an attacker could collect this data and use an Internet connection to send it to the attacker's server. Anything that passes in an unencrypted form through adjacent USB ports can be collected.
