June 11, 2016
That USB Phone Charger Might Be Stealing Your Data
If you haven’t yet heard of “KeySweeper,” you have a new threat to be on the lookout for. The KeySweeper device is built with off the shelf, Arduino components. These can be programmed for a variety of purposes, but the hacking community is using them as stealthy keylogging devices.
By all outward appearances, the device appears to be a harmless, ubiquitous USB phone charger. You can even use it for that purpose. Its real purpose, however, lurks beneath the case. It’s programmed to sniff out wireless keyboards, then log, and report back all keystrokes made with that keyboard. In other words, the phone charger sitting on your desk could be a modified charger that’s actually being used to track and record all your passwords so the hackers can use them for their own purposes later.
Most people don’t think twice about using any available USB phone charger. After all, it’s such a mundane piece of equipment, it simply isn’t associated with cyberthreats of any kind. Of course, the hackers are aware of this, which is why they’ve chosen something so innocuous as their vehicle of choice.
It gets worse. They keylogger has a range of about thirty feet, so it doesn’t even have to be at your workstation for it to nab your passwords. One of your coworkers could have it sitting on his or her desk, and it’ll be quietly collecting all your keystroke information.
This drives home the point that any piece of hardware (even something as basic as a USB phone charger) needs to be carefully tracked and monitored by your staff. The last thing you want is for someone to bring an “untrusted” charger into the office, and allow the hackers an easy in to your company.
If you’re worried about the state of internet security (on either the hardware or software side), contact us today, and a member of our team will be happy to assist you in assessing the current state of security at your company.