[conspire] New Offensive USB Cable Allows Remote Attacks over WiFi
Rick Moen
rick at linuxmafia.com
Sun Feb 17 13:28:22 PST 2019
Howard sent this via a sharing widget:
> https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allows-remote-attacks-over-wifi/
(FYI, the URL originally included a traffic-tracking 'tag',
#.XGmfnNUTL1x.email', at the end. That's one type of mischief that you
tend to get with 'share' widgets, and one of many reasons it's best to
avoid them.)
Summary of the story: Slight variation on an old trick where something
that doesn't _look_ like a USB human-interface ('HID class') device,
i.e., keyboard or mouse, gets plugged into a USB port and tells the
computer 'Hi, please accept me as a HID device', and the computer
complys.
In this case, as a proof of concept, security researcher Mike Grover
cobbled together something that appears to be an ordinary USB 'A'-type
to USB 'C'-type patch cable, but hides a small wifi interface and some
support circuitry inside it. The circuitry permits Mike Grover to
remotely send keystrokes and mouse operations to the attached computer.
So, the moral is: Hardware you shouldn't trust might behave like
hardware you shouldn't trust. News at 11. ;->
More information about the conspire
mailing list