USB is one of the great innovations that helps to make modern computer use so much easier. When plugging in a device, be it a digital camera, smartphone, external hard drive or any device really, we take it for granted that it will work and that life will continue on as normal. Unfortunately now that may not be the case as a security researcher has managed to find a way to hack your computer via a USB cable. Coming on the heels a few months ago of the possibility of being able to hack a computer via a power cable, this has the potential to be quite scary.

First to be clear, security researcher Mike Grover did not simply do this by going to Best Buy and just buying a cable off of the shelf. Your computer will not be hacked because of the USB cable that came with your devices or from the cable that you bought in a store.

The Evil USB Cable

What Grover was able to do was to fit a Wi-Fi chip inside one of the sockets on a USB-to-Lightning cable, or the same cable that you use to connect your smartphone to your computer or to charge it. When a device is plugged it it will be detected by the computer as a new device that has been plugged in. Grover’s modification was identified as a Human Interface Device, basically the same as a mouse or a keyboard, but since most people will just ignore the message telling them that since they are conditioned to seeing a similar message it makes this all the more dangerous.

Grover designed the cable to work with Windows, Mac, Linux or iOS operating systems and it has the potential to do a lot. After being connected via another device, like a laptop, the attacker can move the mouse and type. This allows the attacker to potentially keep a device from falling asleep so they can continuously access it, that is until they learn the user’s password, which can be done via direction to a malicious website that looks like a login screen for a commonly used website. The cable can also connect to a Wi-Fi or cellular hotspot potentially expanding the range meaning the attacker does not need to be sitting right next to the person.

Not your typical USB Cable

As mentioned before this kind of attack was not done by simply buying a cable off of the shelf and plugging it in. A milling machine was necessary to fit the chip in and of course the chip needed to be purchased. This is not something that everyone is able to do.

Grover did this to bring attention about the possibility of these kinds of attacks to a wider audience before someone does this for nefarious reasons to exploit this. He intends to produce more of these cables and put them up for sale to allow other security researchers to continue to explore other uses for this cable. Let’s just hope that these cables don’t end up in the hands of the wrong people.

What Can You Do?

Most people do not use other people’s cables to begin with and if this kind of attack is possible those kind of people will not need to worry. Unfortunately there may come a time when you need to charge your phone or to connect your phone to someone’s computer to download a picture. Numerous event spaces have kiosks that allow you to charge your phone while you are at their event and it is potentially very easy to swap or add a cable. Some service centers also provide cables while you use their waiting room and it would be very easy to swap a cable there. Since the device is connected via Wi-Fi this allows the attacker to stay within range and not be noticed.

So what is the solution? For some it may be to never use cables other than your own. You may bring your cable with you if you think you might need to charge your phone and you will be safer for it. For others it may be best to pay attention to your computer when you plug a device in and know what messages and dialog boxes pop up. When a new device is plugged in a box will pop up letting you know. By knowing this, you will be able to catch something that is out of the ordinary. By doing so, it could potentially save yourself a lot of aggravation and money.

Now chances are you may never have to deal with an evil USB cable. As of right now the only known instance of this cable is in the hands of a security researcher, or one of the supposed good guys. That is not to say that some bad actor has also developed this and is using to their own advantage. So, what is the best thing? Just like you tell your kids not to accept candy from strangers, don’t accept a USB cable from a stranger.

Comments are closed.

Scroll to Top