Malicious USB Cables Embed Wi-Fi, Can Remotely Control Connected PC
If you pay attention to security, you’re probably aware that random USB drives can be host to a variety of malware — or alternately designed to destroy your PC if plugged in. Now, a security researcher has demonstrated that even USB cables can be booby-trapped with security exploits, provided that the attacker is relatively close by.
As detailed on his own website and by PCMag, security researcher Mike Grover built himself a USB cable with an embedded Wi-Fi controller and the ability to execute payloads remotely on the target device via a nearby phone. The O.M.G. (Offensive MG) cable can theoretically reflash the system firmware, initiate deauthentication attacks on 802.11, and update payloads on the target system. The video embedded in the tweet below shows the attack vector in action.
You like wifi in your malicious USB cables?
The O•MG cable (Offensive MG kit)https://t.co/Pkv9pQrmHt
This was a fun way to pick up a bunch of new skills.
Not possible without help from: @d3d0c3d, @cnlohr, @IanColdwater, @hook_s3c, @exploit_agency #OMGCable pic.twitter.com/isQfMKHYQR
— _MG_ (@_MG_) February 10, 2019
PCMag interviewed Grover, who brought visual aids to demonstrate his new cable.
Apologies. Damn interns.
As we were saying, PCMag interviewed Mike Grover via Twitter. “It ‘works’ just like any keyboard and mouse would at a lock screen. You can type and move the mouse,” Grover said. “If you get ahold of the password, you can unlock the machine.” The cable can also prevent the machine from falling asleep by simulating tiny mouse movements and can be programmed to connect to a nearby Wi-Fi network or cellular hotspot rather than attacking the connected PC.
Grover hand-developed the cables using a $950 CNC milling machine he bought used and several thousand dollars of his own money. Details on the cable’s construction and design are here. According to him, the point wasn’t to cause mayhem but to research a potential threat vector and raise awareness that attacks could be embedded into Wi-Fi cables rather than just focusing on USB drives themselves. While it’s difficult to imagine this working as part of a drive-by campaign, swapping a particular target’s USB cable could be a means to introduce a hack to specific systems. If you own a phone, chances are you’ve plugged it into a computer to charge at some point in your life. The ubiquitous use of micro USB (or USB-C in the future) could make this kind of attack even more dangerous simply because those types of cables are used for such a wide range of products.
Users who are concerned about these types of security issues have the option of buying USB ‘condoms’ — devices that allow for USB power to pass between devices to enable charging, but that don’t allow for data transfer.
Continue reading
Google Uncovers iPhone Exploit That Can Steal Data Over Wi-Fi
According to Ian Beer of Google's Project Zero security team, the flaw allowed him to steal photos from any iPhone just by pointing a Wi-Fi antenna at it.
How to Boost Your Wi-Fi Speed by Choosing the Right Channel
Some channels in Wi-Fi routers are indeed much faster — but that doesn't mean you should go ahead and change them. Read on to find out more about interference and the massive difference between 2.4GHz and 5GHz Wi-Fi.
How to Boost Your Wi-Fi Speed by Choosing the Right Channel
Some channels in Wi-Fi routers are indeed much faster — but that doesn't mean you should go ahead and change them. Read on to find out more about interference and the massive difference between 2.4GHz and 5GHz Wi-Fi.
Netgear Has the First Quad-Band Wi-Fi 6E Mesh Router, but it Costs $1,500
Mesh routers are all the rage right now. Google, Amazon, Asus, Linksys, and many others have their own dual or tri-band mesh setups. Netgear says it has something new—the world's first quad-band Wi-Fi 6E system.