Hacking, Destruction, and Cyber Espionage via USB Cables.
I would strongly prefer that course readers do not fall into any extremes or paranoia; nevertheless, comprehensive security implies awareness of all threats, one of which is USB cables. In this chapter, we will explore how they can become tools of attack.
Not long before the publication of this material, news emerged that Mike Grover, an IT security specialist, developed a malicious USB cable that can receive commands from an attacker via Wi-Fi and transmit them to the victim's device in the guise of a keyboard. To understand the potential consequences of such an attack, read in this chapter.
Mike Grover named his development 0-MG, and it is equally effective against devices running Linux, macOS, and Windows. However, the main problem is that this is not a unique private development; such devices have existed for a long time and can be purchased by anyone, for example, on AliExpress.
Let’s analyze the threats that a malicious USB cable can pose.
Destruction of the Device
We have already written about USB flash drives that disable a computer when connected. Nothing prevents the creation of a USB cable with a similar principle of operation.
Do not underestimate this attack; sometimes, disabling the victim's computer is a desired goal. But you know the reason and solution, while the victim will likely spend time searching for the cause, inviting a specialist, finding and purchasing a compatible component, and subsequent installation. In some cases, this process can take weeks.
You can find various devices online that claim to protect the USB port, known as USB Condoms. Some of them, according to sellers, protect against USB killers, although that is not their primary purpose.
Infection of the Device
I remind you that a charger is connected to the USB port in most cases, which means that a BadUSB attack can be conducted with all the ensuing consequences.
There is no need to look far for examples; meet: USBHarpoon.