SoylentNews is people
SoylentNews
from the physical-access-is-root-access dept.
Security researcher Mike Grover has modified a USB cable to accept remote commands. The commands can be relayed via a nearby smartphone or even over wi-fi. He plans to put these cables on the market soon. For charging, an adapter with the data connctions severed or removed, known as a "USB condom", is a good idea.
On Sunday, the security researcher Mike Grover demonstrated the threat by creating a malicious USB cable that can receive commands from a nearby smartphone and then execute them over the PC it's been plugged into.
His USB-to-Lightning cable looks pretty generic, but Grover actually fitted a Wi-Fi chip inside one of the sockets. Unsuspecting users will think they've plugged a simple cord into their PC. But in reality, the computer will actually detect the cable as a Human Interface Device akin to a mouse or keyboard.
(Score: 0) by Anonymous Coward on Friday February 15 2019, @01:26PM (2 children)
So, how secure are those remote commands? Are you just trading one security risk for another?
Now an USB cable with three ends, two for the USB connection and one for commands, would seem more secure to me.
(Score: 0) by Anonymous Coward on Friday February 15 2019, @01:28PM
Ah, OK, scrap parent comment; I was temporarily unable to read ;-) This is supposed to be an insecure cable …
(Score: 5, Interesting) by Hyperturtle on Friday February 15 2019, @03:35PM
If they're anything like what I've made*, it runs a version of linux like kali or something and you can reverse ssh from it to a device that pairs within range, such as to retrieve log information from, oh, all the traffic it sniffed or data its captured.
Sort of bulky, but people that don't know any better often accept a description of it's an early type of that cable, but it works. old stuff is big, right? Like those dvi/hdmi adapters that require a power source ostensibly for some reason because even though it works without it, it still has that 5v in so people plug it in without any idea what its really doing. like probing the local environment thanks to the power you gave it.
so yeah over a nearby smartphone or tablet is good--don't need to take over any specific workstations that might draw attention. You can barely bury a cheap rooted android tablet a sealed ziplock and a usb connected solar panel for charging and pull your synced data from that without getting out of your car. Not that I know anything about that.
Don't even get me started on bridging powerline ethernet networks with mesh wifi via disgused AC adapters. really, business parks have the IT security of whatever the wizard was told alert on based on the decisions of someone that has other things to do, like permitting porn sites for his boss between reimaging laptops rather than fixing broken shortcuts because 15 minutes of troubleshooting is too long for some sales people. If it an't broke no one reads the alerting; and besides, if its a small business in a business park complex with many tenants, nearly everybody has nobody that understands security or cares.
Introduce new wifi SSIDs in the area on a channel not conflicting with their own wifi, and it'll get ignored, etc, since in a business park, you don't want to beat up 'rogue aps' that might be your neighbor, and it's few and far between that a complex of many small businesses cooperatively share wifi bssid and mac address info to add to whitelists for mutual protection. (I've only seen it when I had hand in making it happen to prevent aggressive rogue AP detection from taking down friendlies..)
Anyway the Mike Grover (almost called him MacGuyver on accident...) probably will make a small fortune on the white, gray, and black security market selling these--at least until someone in China stamps them out inexpensively. it might be worth picking up one or two for the 'consultant's toolbox', so to speak--these sorts of things sometimes get left behind on purpose, all for the most positive of reasons, I assure you. (I lose a lot of cisco/network console cables that way as well... I know it's at the site if I weaved it into the rack somewhere). It also may be worth it for people not into security, but want to see what passes over the wire--sometimes that helps one better understand how things work, which is always a good outcome.