Skip to main content
The 2024 Developer Survey results are live! See the results
Information Security

Return to Answer

added 669 characters in body
Source Link
Adi
Adi
  • 44.2k
  • 16
  • 138
  • 170

Most likely yes, but it depends

Much like PATA, SCSI, and Ethernet devices, USB devices don't directly connect to the computer. They connect to a Host Controller that manages all signaling and communication. All ports are connected to something called a Root Hub, and to each Root Hub you may connect other hubs and subsequently more hubs.

Each of these hubs have multiple downstreams and exactly one upstream. "What does that mean?" you ask. Well, it means that whatever data sent by the hub is sent to all child hubs and devices, while data sent by the hubs and devices are only sent "upwards" to Root Hub.

So, if a number of devices are connected to ports that lead to the same Root Hub (they're all controlled by the same Host Controller), then any of the devices can sniff the data only in the direction Computer -> Device.

In my laptop, for example, the ports on the right side are controlled by a Host Controller, and the ports on the left side are controlled by another Host Controller.

enter image description here

Meaning that data sent to any device on the right side can be sniffed by any device on the right side, but not devices connected to the left side.

I remember a colleague of mine modifying a USB stick to prevent it from ignoring data sent to other devices. So if you plug that modified USB stick to a computer, you can capture all the files copied to other USB sticks on the same computer.

Update:

@Polynomial's comment made me question the whole answer, since my information is based on my colleague's description. To be sure, I tried to find some reference. I dug in the USB specs and I found this:

enter image description here ... In the downstream direction, hubs operate in a broadcast mode. When a hub detects the start of a packet on its upstream facing port, it establishes connectivity to all enabled downstream facing ports. If a port is not enabled, it does not propagate packet signaling downstream.

Also, a TOTAL PHASE KB article seems to agree

USB 2.0 works through a unidirectional broadcast system. When a host sends a packet, all downstream devices will see that traffic. If the host wishes to communicate with a specific device, it must include the address of the device in the token packet. Upstream traffic (the response from devices) are only seen by the host or hubs that are directly on the return path to the host.

Most likely yes, but it depends

Much like PATA, SCSI, and Ethernet devices, USB devices don't directly connect to the computer. They connect to a Host Controller that manages all signaling and communication. All ports are connected to something called a Root Hub, and to each Root Hub you may connect other hubs and subsequently more hubs.

Each of these hubs have multiple downstreams and exactly one upstream. "What does that mean?" you ask. Well, it means that whatever data sent by the hub is sent to all child hubs and devices, while data sent by the hubs and devices are only sent "upwards" to Root Hub.

So, if a number of devices are connected to ports that lead to the same Root Hub (they're all controlled by the same Host Controller), then any of the devices can sniff the data only in the direction Computer -> Device.

In my laptop, for example, the ports on the right side are controlled by a Host Controller, and the ports on the left side are controlled by another Host Controller.

enter image description here

Meaning that data sent to any device on the right side can be sniffed by any device on the right side, but not devices connected to the left side.

I remember a colleague of mine modifying a USB stick to prevent it from ignoring data sent to other devices. So if you plug that modified USB stick to a computer, you can capture all the files copied to other USB sticks on the same computer.

Most likely yes, but it depends

Much like PATA, SCSI, and Ethernet devices, USB devices don't directly connect to the computer. They connect to a Host Controller that manages all signaling and communication. All ports are connected to something called a Root Hub, and to each Root Hub you may connect other hubs and subsequently more hubs.

Each of these hubs have multiple downstreams and exactly one upstream. "What does that mean?" you ask. Well, it means that whatever data sent by the hub is sent to all child hubs and devices, while data sent by the hubs and devices are only sent "upwards" to Root Hub.

So, if a number of devices are connected to ports that lead to the same Root Hub (they're all controlled by the same Host Controller), then any of the devices can sniff the data only in the direction Computer -> Device.

In my laptop, for example, the ports on the right side are controlled by a Host Controller, and the ports on the left side are controlled by another Host Controller.

enter image description here

Meaning that data sent to any device on the right side can be sniffed by any device on the right side, but not devices connected to the left side.

I remember a colleague of mine modifying a USB stick to prevent it from ignoring data sent to other devices. So if you plug that modified USB stick to a computer, you can capture all the files copied to other USB sticks on the same computer.

Update:

@Polynomial's comment made me question the whole answer, since my information is based on my colleague's description. To be sure, I tried to find some reference. I dug in the USB specs and I found this:

enter image description here ... In the downstream direction, hubs operate in a broadcast mode. When a hub detects the start of a packet on its upstream facing port, it establishes connectivity to all enabled downstream facing ports. If a port is not enabled, it does not propagate packet signaling downstream.

Also, a TOTAL PHASE KB article seems to agree

USB 2.0 works through a unidirectional broadcast system. When a host sends a packet, all downstream devices will see that traffic. If the host wishes to communicate with a specific device, it must include the address of the device in the token packet. Upstream traffic (the response from devices) are only seen by the host or hubs that are directly on the return path to the host.

Source Link
Adi
Adi
  • 44.2k
  • 16
  • 138
  • 170

Most likely yes, but it depends

Much like PATA, SCSI, and Ethernet devices, USB devices don't directly connect to the computer. They connect to a Host Controller that manages all signaling and communication. All ports are connected to something called a Root Hub, and to each Root Hub you may connect other hubs and subsequently more hubs.

Each of these hubs have multiple downstreams and exactly one upstream. "What does that mean?" you ask. Well, it means that whatever data sent by the hub is sent to all child hubs and devices, while data sent by the hubs and devices are only sent "upwards" to Root Hub.

So, if a number of devices are connected to ports that lead to the same Root Hub (they're all controlled by the same Host Controller), then any of the devices can sniff the data only in the direction Computer -> Device.

In my laptop, for example, the ports on the right side are controlled by a Host Controller, and the ports on the left side are controlled by another Host Controller.

enter image description here

Meaning that data sent to any device on the right side can be sniffed by any device on the right side, but not devices connected to the left side.

I remember a colleague of mine modifying a USB stick to prevent it from ignoring data sent to other devices. So if you plug that modified USB stick to a computer, you can capture all the files copied to other USB sticks on the same computer.