All the latest UK technology news, reviews and analysis

Android hack tool siphons Windows PC data

02 Jul 2013
Google Android

Criminals have developed an Android hack tool capable of siphoning vast amounts of data from compromised Windows PCs, according to Finnish security firm F-Secure.

F-Secure said the USBCleaver attack tool can steal numerous types of data from Windows PCs, including browser passwords stored on Firefox, Chrome and Internet Explorer and the PC's WiFi password and network information. F-Secure analyst Sean Sullivan confirmed to V3 while dangerous, the tool requires physical access to a machine to work, diminishing its threat to businesses.

"The key thing is access. The hack tool needs to connect to the Windows PC, typically via a USB cable. Physical security is critical. Business travellers should always shut down (not suspend) their computers and lock them up in the hotel's safe in order to avoid ‘evil maid' attacks. An attacker carrying a laptop and gear around a hotel might look suspicious. But somebody with a phone? Not at all," he said.

Sullivan added that such tools have been commonly carried and distributed via USB sticks in the past. "For a long time now there have been Linux boot hack-tool kits for netbooks and the like. USB Cleaver is an Android tool for hacking Windows computers. It effectively reduces the size and amount of the hardware that needs to be carried around," he said.

F-Secure reported there are already numerous other ways outside of physical measures able to protect users from the Android hack tool.

"Fortunately, USBCleaver's Windows-infecting routine can be blocked by a simple measure that's been standard security advice for the last couple of years: disabling the Autorun by default (this is already standard on Windows 7 machines). An additional mitigating factor is that most older Windows systems need to have mobile drivers manually installed in order for this attack to work," F-Secure noted.

The attack tool is one of many mobile threats being uncovered on Android. Generally the threats are Trojan applications sold on third-party marketplaces or phishing scams containing malware designed for Android, though numerous security vendors have reported detecting more advanced attacks targeting the platform. Most recently, McAfee reported finding advanced mobile malware able to infect Android smartphones and tablets via Bluetooth.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Helpdesk Analyst

Fragomen is the largest law firm in the world dedicated...

1st / 2nd Line Technical Support Consultant - Broadband, Voice, TCP/IP

1st / 2nd Line Technical Support Consultant - Broadband...

Head of Digital

Marketing, Communications & Development - Head...

Senior IT Technical Engineer 2nd / 3rd Line Support - VMware View

Senior IT Technical Engineer 2nd / 3rd Line Support...
To send to more than one email address, simply separate each address with a comma.