Malicious USB Cables Embed Wi-Fi, Can Remotely Control Connected PC

Malicious USB Cables Embed Wi-Fi, Can Remotely Control Connected PC

If you pay attention to security, you’re probably aware that random USB drives can be host to a variety of malware — or alternately designed to destroy your PC if plugged in. Now, a security researcher has demonstrated that even USB cables can be booby-trapped with security exploits, provided that the attacker is relatively close by.

As detailed on his own website and by PCMag, security researcher Mike Grover built himself a USB cable with an embedded Wi-Fi controller and the ability to execute payloads remotely on the target device via a nearby phone. The O.M.G. (Offensive MG) cable can theoretically reflash the system firmware, initiate deauthentication attacks on 802.11, and update payloads on the target system. The video embedded in the tweet below shows the attack vector in action.

You like wifi in your malicious USB cables?

The O•MG cable (Offensive MG kit)https://t.co/Pkv9pQrmHt

This was a fun way to pick up a bunch of new skills.

Not possible without help from: @d3d0c3d, @cnlohr, @IanColdwater, @hook_s3c, @exploit_agency #OMGCable pic.twitter.com/isQfMKHYQR

— _MG_ (@_MG_) February 10, 2019

PCMag interviewed Grover, who brought visual aids to demonstrate his new cable.

Credit: PBS/Sesame Street
Credit: PBS/Sesame Street

Apologies. Damn interns.

As we were saying, PCMag interviewed Mike Grover via Twitter. “It ‘works’ just like any keyboard and mouse would at a lock screen. You can type and move the mouse,” Grover said. “If you get ahold of the password, you can unlock the machine.” The cable can also prevent the machine from falling asleep by simulating tiny mouse movements and can be programmed to connect to a nearby Wi-Fi network or cellular hotspot rather than attacking the connected PC.

Grover hand-developed the cables using a $950 CNC milling machine he bought used and several thousand dollars of his own money. Details on the cable’s construction and design are here. According to him, the point wasn’t to cause mayhem but to research a potential threat vector and raise awareness that attacks could be embedded into Wi-Fi cables rather than just focusing on USB drives themselves. While it’s difficult to imagine this working as part of a drive-by campaign, swapping a particular target’s USB cable could be a means to introduce a hack to specific systems. If you own a phone, chances are you’ve plugged it into a computer to charge at some point in your life. The ubiquitous use of micro USB (or USB-C in the future) could make this kind of attack even more dangerous simply because those types of cables are used for such a wide range of products.

Users who are concerned about these types of security issues have the option of buying USB ‘condoms’ — devices that allow for USB power to pass between devices to enable charging, but that don’t allow for data transfer.

Continue reading

NASA Begins Assembling Spacecraft to Study Enormous Metallic Asteroid
NASA Begins Assembling Spacecraft to Study Enormous Metallic Asteroid

Next year, this piece of hardware will ride a SpaceX rocket into orbit, and then it's off to the asteroid belt to study its namesake, the metal-rich asteroid 16 Psyche.

Valve Launches Steam Deck, a New PC Gaming Handheld Shipping in December
Valve Launches Steam Deck, a New PC Gaming Handheld Shipping in December

Valve has announced its new Steam Deck, with plans to ship the PC gaming handheld in December.

Best Buy Now Requires $200 Membership Fee for all Nvidia GPU Purchases
Best Buy Now Requires $200 Membership Fee for all Nvidia GPU Purchases

Say goodbye to your hopes of ever getting an Nvidia Founder's Edition GPU at MSRP.

NASA Begins Assembling Europa Clipper Spacecraft
NASA Begins Assembling Europa Clipper Spacecraft

NASA has some big things planned for later this decade, including but not limited to sending a spacecraft to Jupiter's moon Europa. Engineers and technicians are now beginning work on the Europa Clipper spacecraft that will make this epic journey.