Your system can also be compromised via a malicious USB cable

Posted on Monday, March 04 2019 @ 10:53 CET by Thomas De Maesschalck
Not a whole lot of news today so here's something I missed a couple of weeks ago. Earlier today I wrote about the "Thunderclap" vulnerability that makes it possible to infect computers via the Thunderbolt interface, but it seems you can't fully trust USB either. Tom's Hardware reports security researcher Mike Grover demonstrated that cybercriminals can turn USB cables into hacking devices.

Grover created a working example of a USB cable with an integrated WiFi controller that can communicate with a nearby smartphone. The cable passes itself as a "Human Interface Device", which gives its access to certain system resources right away:
The victims may think they are using a generic USB cable, but the PC will recognize the cable as a Human Interface Device, much like it would a mouse or keyboard, giving the attacker just enough permissions to wreak havoc inside the system.

As you may already know, a mouse or keyboard can be used as soon as it's plugged into a PC, even if the system is locked with a password or biometric, which means these peripherals can bypass the operating system’s protection features and gain access to some system resources right away.
Once the cable is plugged in, an attacker can remotely take over the PC via various exploits delivered through the cable. This sort of attack works against Windows, Linux, and iOS devices. Interesting stuff.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments