Peripheral Security – CompTIA Security+ SY0-501 – 3.3

We not only need to maintain the security of our computers, we also have to be concerned about the devices that we connect to our computers. In this video, you’ll learn how to secure your displays, printers, storage devices, and other peripherals.

<< Previous Video: Operating System Security Next: Secure Deployments >>

We don’t often think about our mice and our keyboards as being a security concern, but many wireless keyboards and wireless mice send information without any type of encryption between the mice and keyboard and your computer system. This means that anyone could listen in on these 2.4 GHz frequencies and capture all of the data. Although the information is using a proprietary protocol, all of that information is being sent in the clear. This means that someone could act as a keylogger and capture every bit of data that you’re typing into your keyboard, or they may be able to reverse the process and inject keystrokes into your system as if they were sitting in front of your keyboard.

There’s a known vulnerability called KeySniffer that allows somebody to perform these types of functions over insecure mice and keyboard configurations. This is why some keyboard manufacturers have already implemented AES encryption between your wireless keyboard and mouse and the system that you’re using. This means that no one could listen in to these wireless communications and be able to see anything that you’re typing. And they wouldn’t be able to put their own keystrokes into your computer, because everything over the system is encrypted.

If you get a transistor radio and hold it anywhere close to a computer, you’ll start to hear a lot of noise and a lot of interference that’s being captured on that radio. This electromagnetic radiation is coming from all of the different components of your system. The memory, the CPU and the display that you’re using. But some researchers have found that they can reconstruct what you’re seeing on your screen by simply listening in to the electromagnetic radiation that’s coming from your display, and since these signals could be heard from the other side of a wall, you could theoretically have someone looking at what you’re seeing on your screen without even being in the same room with you.

We’re also finding that many of these display systems have their own operating systems and require occasional firmware updates, but these firmware updates don’t have any security associated with them. There’s no type of authentication or checks to ensure the firmware that you’re installing is really the proper firmware for this particular system.

This means there’s the potential for someone to create malware that would be associated only with your display. Imagine ransomware taking control of your display and only allowing you to have control of that display back once you’ve paid the ransom. If you’re a photographer you’ve probably seen some of these Wi-Fi-enabled microSD cards. They are not only an SD storage card, but built into the SD card is the ability to communicate out over 802.11 Wi-Fi. This means that you could take pictures with your phone and then without removing the SD card you can transfer those files to another system.

Unfortunately, many of these Wi-Fi-enabled microSD cards have also included a number of different security vulnerabilities. So people would be able to access this SD card without your knowledge and gain access to all of the content on that card. Often the manufacturer of these types of SD cards will create an Application Programming Interface. This means that a third party could write an application that would be able to use the capabilities of this wireless card. It’s important that the manufacturer of the SD card build in security controls to this API so that somebody couldn’t use the API to circumvent the security and gain access to your SD card.

Many of the printers we use today are truly multi-function devices. They may have a printer capability, there might be scanning functionality, and some of these devices will perform fax functions as well. They often connect directly to the network, and many of these devices have their own built in storage so you can transfer a file to the printer and then print out at a later time. These multifunction devices then may have a lot of information that you can use for reconnaissance.

If you’re using this as a fax or a scanner, there may be scans that are stored locally on the device, then you may be able to look through address books and activity logs to see who may have sent or received a fax. If someone is able to circumvent the security they may be able to print to this printer even though they normally would not have access to this device. And some of these devices store information in a local spooling file. That means that a third party could possibly gain access to this device and retrieve a copy of what someone has printed on this multifunction device.

If you need to increase the amount of storage available on your operating system it’s easy to plug-in one of these removable external drives and immediately gain a large amount of storage space. They’re very portable, and they make it very easy to transfer files from one system to another. These external storage devices often don’t require any type of special authentication. Once a file has been copied onto these devices anyone can get this device and be able to read or transfer files off of this device.

It’s always important if you’re using one of these external storage devices to enable some type of encryption. So if you lose this device or it becomes stolen, nobody would be able to access the data that is stored on this device. When we think about security we’re very concerned about these external storage devices, because it makes it very easy to exfiltrate data. Someone can plug into a USB connection, transfer terabytes of information over to one of these external storage devices, and simply walk out the door with all of our important data.

The digital cameras we use could also be a security concern. We’re of course using these devices to be able to capture still images and video, and it’s commonly storing that information on to a digital storage device. When you connect these cameras to your computer, commonly over a USB connection, they appear to the operating system as a removable storage device. So your camera has the same security concerns that we might have with a traditional removable storage device. You might also want to think about the firmware that’s inside of these devices, because those could be compromised as well, especially if it’s a security camera. That would allow somebody external to your organization to be able to look into your security cameras without you even realizing they were doing it.