A security researcher demonstrated how he can take control of a system with a normal-looking USB cable without the antivirus software noticing anything.
It’s no longer a secret that it’s a bad idea to just insert an unknown USB stick into your PC. Security researcher Mike Grover now shows in a convincing demonstration that USB cables can also be a danger.
Grover built a small chip with WiFi functionality in just behind the USB connection. He then finished the cable so that it doesn’t visually differ from an authentic USB lightning connection. However, anyone who puts the thing in their PC opens the door to a hacker, even if he or she must be physically close by.
The hacker has to connect wirelessly to the cable. He can then send commands to the affected PC via this connection. He can open websites, download other malware and even change the firmware of the affected system. The cable has this access because it is detected by the system as an input device such as a mouse or a keyboard. Commandos, sent to the cable via the wireless interface, are thus forwarded to the computer.
In an interview with PC Magazine, Grover states that the cable is compatible with Windows, macOS and Linux. It is also possible to program the malicious gadget to automatically connect to another network. In this way, the hacker can still attack a PC from a safe distance.
Grover is going to offer the cable for sale now, but he says not with bad intentions. He hopes that the action will raise awareness, and that other security researchers will be able to use his cable to gain new knowledge and possibly improve security.
The demonstration shows in particular how vulnerable a system is to attacks via a USB port, regardless of the operating system. Certainly organizations that store sensitive data, and may be the target of a targeted attack, need to be very conscious of this reality.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.