USB cable with Wi-Fi allows hacking PCs

A security researcher has managed to implant a WiFi chip into a USB cable so that this cable is suitable for attacking systems with macOS, Linux, Windows or other operating systems.


Advertising

Looking back at BadUSB

USB devices are a latent security risk to system security. At the beginning of September 2014 I wrote in the German blog post Black Hat 2014: USB-Geräte als Sicherheitsrisiko about security risks and vulnerabilities of the USB interface. USB devices such as USB drive, USB mice, etc. can change their device ID to the host at any time. A USB stick could suddenly pretend to be a USB keyboard or USB WLAN stick and make entries or record WLAN data. At the Black Hat conference, German security specialists around Karsten Nohl pointed out that the firmware of USB controllers can be patched at any time. Attackers can implement malicious software in the firmware that can virtually not be detected or blocked by virus scanners or security software.

A USB cable with a WiFi chip

A few days ago I came across the following tweet. Security researcher Mike Grover presented his latest development in the field of USB connections for hacking in a video..

It is a USB cable that looks quite harmless, but has a WiFi chip implemented. If you connect the USB cable to a computer, it is supplied with power. Then an attacker can establish a WLAN connection with the WiFi chip of the USB cable via SmartPhone. As soon as this connection is established, any commands can be sent to the connected system via the USB cable. The USB cable is regarded by the operating system as a HID input device. So you can use it to enter commands as if they were typed on a keyboard. In this blog post, the security researcher reveals more information. Bleeping Computer then picked up the story within this article and published more information.


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *