The keyboard also poses a security risk

Scientists have warned that peripheral devices such as keyboards, mice or headsets are also a security risk for computers.

These peripherals themselves have made mistakes and they can be taken advantage of to steal data. Researchers from the University of Pennsylvania School of Applied Technology named the faulty hardware JitterBugs.

The name JitterBugs already exists on how peripheral devices send a lot of stolen data types by inserting unrecognizable delays during processing each time there is a key on the keyboard. is pressed.

What is JitterBug?

Picture 1 of The keyboard also poses a security risk Conceptually, JitterBugs devices are similar to malicious keylogger programs that collect data by recording keystrokes. The difference is that the JitterBugs device needs to be attached directly to the PC system while the keylogger can automatically install.

To demonstrate our warnings, researchers from the University of Pennsylvania School of Computer Science and Information and a graduate student Gaurav Shah and Professor Matthew Blaze successfully developed a JitterBug keyboard. quite easily.

JitterBugs devices can also collect information from any interactive application software that requires a combination of keyboard operations and network operation. Take, for example, instant messaging applications, SSH or remote PC control applications. JitterBugs takes data by inserting delays that are hard to detect into the data processing process every time a user presses a key on the keyboard.

" This can be seen as a form of espionage. Someone just needs to directly access your computer and install a JitterBug device. It's also easy to hide JitterBug devices or even providing users with a JitterBug keyboard , "Shah said.

Potential dangers

In a scenario Professor Blaze calls "Supply Chain Attack", peripheral device manufacturers will be attacked and, as a result, there will be a lot of JitterBug-error keyboards to hit the market. The attacker only needs to wait until those keyboards are installed and receive data.

Shah said the channel that JitterBug uses to send data is also the weakest point of this error. This weakness can be used to detect and deal with JitterBug.

And although only presented simple countermeasures with JitterBug, Shah's early results show that using cryptographic techniques to conceal encrypted Jitter channels would be a promising solution. appointment.

Never thought of

" We often think that keyboards or input devices are completely safe. However, our research has shown that if we want a very secure system, we must also secure devices. that is safe, " Shah insisted.

" Although we don't have any evidence that someone has used JitterBug, what we want to say behind that warning is if we were able to produce the JitterBug device. surely someone will be able to do it , "Shah insisted. " Not except that it is a bad person ."

Hoang Dung