Malicious USB Cables Embed Wi-Fi, Can Remotely Control Connected PC
If you pay attention to security, you’re probably aware that random USB drives can be host to a variety of malware — or alternately designed to destroy your PC if plugged in. Now, a security researcher has demonstrated that even USB cables can be booby-trapped with security exploits, provided that the attacker is relatively close by.
As detailed on his own website and by PCMag, security researcher Mike Grover built himself a USB cable with an embedded Wi-Fi controller and the ability to execute payloads remotely on the target device via a nearby phone. The O.M.G. (Offensive MG) cable can theoretically reflash the system firmware, initiate deauthentication attacks on 802.11, and update payloads on the target system. The video embedded in the tweet below shows the attack vector in action.
You like wifi in your malicious USB cables?
The O•MG cable (Offensive MG kit)https://t.co/Pkv9pQrmHt
This was a fun way to pick up a bunch of new skills.
Not possible without help from: @d3d0c3d, @cnlohr, @IanColdwater, @hook_s3c, @exploit_agency #OMGCable pic.twitter.com/isQfMKHYQR
— _MG_ (@_MG_) February 10, 2019
PCMag interviewed Grover, who brought visual aids to demonstrate his new cable.
Apologies. Damn interns.
As we were saying, PCMag interviewed Mike Grover via Twitter. “It ‘works’ just like any keyboard and mouse would at a lock screen. You can type and move the mouse,” Grover said. “If you get ahold of the password, you can unlock the machine.” The cable can also prevent the machine from falling asleep by simulating tiny mouse movements and can be programmed to connect to a nearby Wi-Fi network or cellular hotspot rather than attacking the connected PC.
Grover hand-developed the cables using a $950 CNC milling machine he bought used and several thousand dollars of his own money. Details on the cable’s construction and design are here. According to him, the point wasn’t to cause mayhem but to research a potential threat vector and raise awareness that attacks could be embedded into Wi-Fi cables rather than just focusing on USB drives themselves. While it’s difficult to imagine this working as part of a drive-by campaign, swapping a particular target’s USB cable could be a means to introduce a hack to specific systems. If you own a phone, chances are you’ve plugged it into a computer to charge at some point in your life. The ubiquitous use of micro USB (or USB-C in the future) could make this kind of attack even more dangerous simply because those types of cables are used for such a wide range of products.
Users who are concerned about these types of security issues have the option of buying USB ‘condoms’ — devices that allow for USB power to pass between devices to enable charging, but that don’t allow for data transfer.
Continue reading
The Iconic Arecibo Observatory Will Be Demolished Following Cable Failures
The Arecibo dish was damaged following a series of cable failures, and the National Science Foundation (NSF) has decided it would be too dangerous to repair.
Famed Arecibo Observatory Collapses Following Cable Failures
The National Science Foundation (NSF) previously expressed concern this could happen, which is why it decided last month the dish would be demolished rather than repaired. Gravity took care of that a bit quicker than expected as the 900-ton suspended platform plummeted into the dish overnight, completely destroying the iconic instrument.
USB-IF Rolls Out Logos for new 240W USB-C Cables
Just because you see the distinctive oval-shaped USB-C plug on a device does not mean it automatically supports high-speed data or fast charging. The non-profit USB Implementers Forum (USB-IF) has sought to address that with optional logos, and there are more of them today that might help you identify the latest USB cables. Emphasis on "might."
Apple’s 3M Thunderbolt Cable is a Good Deal at $159. Yes, Really.
If you need a 10-foot Thunderbolt 4 cable, it's the only game in town.