Malicious USB Cables Embed Wi-Fi, Can Remotely Control Connected PC
If you pay attention to security, you’re probably aware that random USB drives can be host to a variety of malware — or alternately designed to destroy your PC if plugged in. Now, a security researcher has demonstrated that even USB cables can be booby-trapped with security exploits, provided that the attacker is relatively close by.
As detailed on his own website and by PCMag, security researcher Mike Grover built himself a USB cable with an embedded Wi-Fi controller and the ability to execute payloads remotely on the target device via a nearby phone. The O.M.G. (Offensive MG) cable can theoretically reflash the system firmware, initiate deauthentication attacks on 802.11, and update payloads on the target system. The video embedded in the tweet below shows the attack vector in action.
You like wifi in your malicious USB cables?
The O•MG cable (Offensive MG kit)https://t.co/Pkv9pQrmHt
This was a fun way to pick up a bunch of new skills.
Not possible without help from: @d3d0c3d, @cnlohr, @IanColdwater, @hook_s3c, @exploit_agency #OMGCable pic.twitter.com/isQfMKHYQR
— _MG_ (@_MG_) February 10, 2019
PCMag interviewed Grover, who brought visual aids to demonstrate his new cable.
Apologies. Damn interns.
As we were saying, PCMag interviewed Mike Grover via Twitter. “It ‘works’ just like any keyboard and mouse would at a lock screen. You can type and move the mouse,” Grover said. “If you get ahold of the password, you can unlock the machine.” The cable can also prevent the machine from falling asleep by simulating tiny mouse movements and can be programmed to connect to a nearby Wi-Fi network or cellular hotspot rather than attacking the connected PC.
Grover hand-developed the cables using a $950 CNC milling machine he bought used and several thousand dollars of his own money. Details on the cable’s construction and design are here. According to him, the point wasn’t to cause mayhem but to research a potential threat vector and raise awareness that attacks could be embedded into Wi-Fi cables rather than just focusing on USB drives themselves. While it’s difficult to imagine this working as part of a drive-by campaign, swapping a particular target’s USB cable could be a means to introduce a hack to specific systems. If you own a phone, chances are you’ve plugged it into a computer to charge at some point in your life. The ubiquitous use of micro USB (or USB-C in the future) could make this kind of attack even more dangerous simply because those types of cables are used for such a wide range of products.
Users who are concerned about these types of security issues have the option of buying USB ‘condoms’ — devices that allow for USB power to pass between devices to enable charging, but that don’t allow for data transfer.
Continue reading
Seagate Announces Its Own RISC-V Cores for Future Storage Controllers
To hit its 50TB per-drive target over the next few years, Seagate decided it needed a custom storage controller. RISC-V offered a solution.
Microsoft Denies Cutting Secret Deal With Duracell Over Xbox Controllers
Despite earlier rumors, there is no secret deal between Microsoft and Duracell to keep the Xbox controller using old AA technology.
NASA Delays Lunar Contracts, Casting Doubt on 2024 Moon Landing
Many observers expected this move based on the funding approved by Congress and the ongoing effects of the pandemic, but it's still a disappointment for anyone who held out hope for a 2024 landing.
PlayStation 5 Controllers are Suffering from Drift
Nintendo may have company in the unreliable controller market, though gamers aren’t going to be pleased with this particular method of feature-matching. Instead of, say, a PlayStation 5 you fold up and carry in your pocket without setting your pants on fire, the PlayStation 5 DualSense controller is apparently suffering from drift.The DualSense controller has…