• Malicious USB Charging Cable Possible

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Malicious USB Charging Cable Possible

    Tags:

    Author
    Topic
    Kirsty
    Manager
    August 21, 2018 at 2:21 am #211999

    USBHarpoon Is a BadUSB Attack with A Twist
    By Ionut Ilascu | August 20, 2018

     
    Several security experts have built a malicious version of a USB charging cable, one that can compromise a computer in just a few seconds. Once plugged in, it turns into a peripheral device capable of typing and launching commands.

    USBHarpoon, as its makers call it, relies on the BadUSB research from Karsten Nohl and his team at Security Research Labs. Their work showed that an attacker can reprogram the controller chip of a USB drive and make it appear to the computer as a human interface device (HID).

    The type of HID can be anything from an input device like a keyboard that issues a rapid succession of commands, to a network card that modifies the system’s DNS settings to redirect traffic.

    With USBHarpoon, security experts replaced the USB drive with a charging cable, something that is as ubiquitous, but less likely for users to be cautious of.

    The cable comes with modified connectors that allow both data and power to pass through so it will fulfill the expected function. This feature enables it to be accompanied by any type of device that powers through USB (fans, dongles distributed at conferences), without raising suspicions about plugging the cable.

     
    Read the full article here

    4 users thanked author for this post.
    SueW, Elly, geekdom, JohnW
    Reply | Quote
    Viewing 0 reply threads
    Author
    Replies
    • JohnW
      AskWoody Lounger
      August 21, 2018 at 8:19 am #212028

      BadUSB has been known for a few years now.  This twist emphasizes that the problem is actually with the USB device controller itself, not infected files contained on a USB drive, etc.  So now we have a proof of concept for rogue charging cables.

      Many USB devices are built with USB firmware in the controller that can be overwritten.  So that once you have plugged in an untrusted USB device that has been compromised, your computer is at risk.

      So literally any USB peripheral device could be infected, and since all this occurs at the driver level, anti-malware on the PC that deals with file level security cannot detect this sort of exploit.

      How You Can Avoid a BadUSB Attack   https://mashable.com/2014/10/03/how-can-you-avoid-badusb/

      How bad is BadUSB really?   http://infothreat.org/bad-badusb-really/

      Windows 10 Pro 22H2

      5 users thanked author for this post.
      Dave, SueW, Kirsty, Elly, geekdom
      Reply | Quote
    Viewing 0 reply threads
    Reply To: Malicious USB Charging Cable Possible

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    March 2025
    S M T W T F S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.