If you pay attention to security, you’re probably aware that random USB drives can be host to a variety of malware — or alternately designed to destroy your PC if plugged in. Now, a security researcher has demonstrated that even USB cables can be booby-trapped with security exploits, provided that the attacker is relatively close by.
As detailed on his own website and by PCMag, security researcher Mike Grover built himself a USB cable with an embedded Wi-Fi controller and the ability to execute payloads remotely on the target device via a nearby phone. The O.M.G. (Offensive MG) cable can theoretically reflash the system firmware, initiate deauthentication attacks on 802.11, and update payloads on the target system. The video embedded in the tweet below shows the attack vector in action.
You like wifi in your malicious USB cables?
The O•MG cable
(Offensive MG kit)https://t.co/Pkv9pQrmHt
This was a fun way to pick up a bunch of new skills.
Not possible without help from: @d3d0c3d, @cnlohr, @IanColdwater, @hook_s3c, @exploit_agency #OMGCable pic.twitter.com/isQfMKHYQR
— _MG_ (@_MG_) February 10, 2019
PCMag interviewed Grover, who brought visual aids to demonstrate his new cable.
Apologies. Damn interns.
As we were saying, PCMag interviewed Mike Grover via Twitter. “It ‘works’ just like any keyboard and mouse would at a lock screen. You can type and move the mouse,” Grover said. “If you get ahold of the password, you can unlock the machine.” The cable can also prevent the machine from falling asleep by simulating tiny mouse movements and can be programmed to connect to a nearby Wi-Fi network or cellular hotspot rather than attacking the connected PC.
Grover hand-developed the cables using a $950 CNC milling machine he bought used and several thousand dollars of his own money. Details on the cable’s construction and design are here. According to him, the point wasn’t to cause mayhem but to research a potential threat vector and raise awareness that attacks could be embedded into Wi-Fi cables rather than just focusing on USB drives themselves. While it’s difficult to imagine this working as part of a drive-by campaign, swapping a particular target’s USB cable could be a means to introduce a hack to specific systems. If you own a phone, chances are you’ve plugged it into a computer to charge at some point in your life. The ubiquitous use of micro USB (or USB-C in the future) could make this kind of attack even more dangerous simply because those types of cables are used for such a wide range of products.
Users who are concerned about these types of security issues have the option of buying USB ‘condoms’ — devices that allow for USB power to pass between devices to enable charging, but that don’t allow for data transfer.