USB spy cables are here

Can a USB data cable be altered into a spying data cable?

Absolutely YES!

There are many potential problems with USB cables. USB security is fundamentally broken, and modern electronics can be made so small that all kinds of nasty circuits fit inside a USB cable if someone wants to put them there. And some parties want to do that. USB phone charging can be a security risk, and public USB chargers can be dangerous to use.

There are many different ways a USB cable can be converted into a spying device. Besides DIY projects, there are places that sell different types of USB spying cables.

One type of USB spying cable is a GSM spy bug hidden inside a Micro USB cable. You can fit the electronics of a small GSM phone inside a full-size USB plug case and use that GSM phone as an auto-callback listening device. When you call the mobile number, the device auto-answers and lets you hear what is happening near the cable. The GSM electronics can be powered nicely from the +5V USB power. The GPS device might or might not touch the USB data pins. In addition to the GSM cell phone, there can also be a GPS location device in the same cable. These kinds of GSM USB cable listening devices are sold here and there.

If you are interested in what is inside such a GSM USB spy cable, read the article USB spy cable – teardown & vulns. It reveals that the controls were horribly insecure and allowed anyone to monitor all of the cables in use.

Can a USB data cable be altered into a spying data cable that can inject malicious software into my phone? This is entirely possible if someone builds a small device into the cable, likely at the USB end. That device would have to be very small to fit in the cable, but it is technically doable. Cables of this kind are on the market. Chec

The article New USB Cable Contains Tiny Computer That Spies on Everything You Type says that the next time you buy a USB cord, or take a free one from a kiosk at an event, you’ll want to make sure it doesn’t spy on every single thing you type. This is not just speculation about the possibility of hacking: a pseudonymous security researcher says they’re already mass producing the cables. The so-called OMG cable looks just like any other, except for a tiny computer that can automatically record every single keystroke you make while it’s plugged in and transmit them to a hacker. The cable contains a web server, a radio, and tiny processors, all hidden within the wire itself.

There has been an earlier O.MG CABLE – * TO USB-A. A new version of the OMG Cable is a USB-C to Lightning cable that hackers can use to steal your passwords or other data. It works as a keylogger and data spy. “There were people who said that Type C cables were safe from this type of implant because there isn’t enough space. So, clearly, I had to prove that wrong. :),” MG told Motherboard. MG has already started to mass-produce the OMG cable and sell it through the hacking community shop Hak5, ostensibly for security research purposes rather than anything willfully malicious.

What are the possibilities of building something similar yourself? This technology can be implemented by hardware hackers even in home labs. There are open projects like TOMU: A MICROCONTROLLER FOR YOUR USB PORT that fit inside a USB socket. There is also a newer project, HOW A MICROCONTROLLER HIDING IN A USB PORT BECAME AN FPGA HIDING IN THE SAME.

The next question is how to protect yourself against these kinds of cables. Is there a way to detect such nasty spy cables before use, or maybe even disinfect them?
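
One partial answer on a Linux host, as an added example that is not part of the original article: compare the USB interfaces listed in sysfs before and after plugging in the cable with nothing attached to its far end. A passive cable adds no interfaces, so anything new, especially a HID keyboard, is a finding. This assumes the implant enumerates on the bus (one that stays dormant would not show up); the function names are made up for the example.

```python
import os

# USB-IF interface class codes; labels are informal descriptions.
CLASS_LABELS = {
    0x02: "CDC control (serial/network adapter)",
    0x03: "HID (keyboard/mouse, can type commands)",
    0x08: "mass storage",
    0x0A: "CDC data",
    0xE0: "wireless controller",
    0xFF: "vendor specific",
}

def _read(path):
    """Return a sysfs attribute as a stripped string, or '' if unreadable."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return ""

def snapshot(root="/sys/bus/usb/devices"):
    """Map interface name (e.g. '1-2:1.0') -> (class, subclass, protocol, 'vid:pid')."""
    snap = {}
    for name in sorted(os.listdir(root)):
        if ":" not in name:              # device or hub entry, not an interface
            continue
        iface = os.path.join(root, name)
        cls = _read(os.path.join(iface, "bInterfaceClass"))
        if not cls:
            continue
        dev = os.path.join(root, name.split(":")[0])   # parent device directory
        ident = _read(os.path.join(dev, "idVendor")) + ":" + _read(os.path.join(dev, "idProduct"))
        sub = _read(os.path.join(iface, "bInterfaceSubClass")) or "0"
        proto = _read(os.path.join(iface, "bInterfaceProtocol")) or "0"
        snap[name] = (int(cls, 16), int(sub, 16), int(proto, 16), ident)
    return snap

def new_interfaces(before, after):
    """Interfaces present in `after` but not in `before`, with a readable label."""
    findings = []
    for name in sorted(set(after) - set(before)):
        cls, sub, proto, ident = after[name]
        label = CLASS_LABELS.get(cls, "class 0x%02x" % cls)
        if (cls, sub, proto) == (0x03, 0x01, 0x01):    # HID, boot subclass, keyboard
            label = "HID boot keyboard"
        findings.append((name, ident, label))
    return findings
```

Take `before = snapshot()`, plug in only the cable, wait a few seconds, then call `new_interfaces(before, snapshot())`; an empty list is what a plain cable should give.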

3 Comments

  1. PCBA Board says:

    thank you very much
    i like your article
    it can help me

    http://www.keruisore.com

    http://www.arrows-hobby.net

  2. Tomi Engdahl says:

    I got hacked by an iPhone Cable.
    https://www.youtube.com/watch?v=IrXLRxSsMbs

    How this simple iPhone Cable can hack your computer, and steal everything you own.

    Viewer comments:

    Honestly this is excellent advice for those who pick up cables around airports, there are so many always DO NOT PICK THESE UP

    The fact that they sell both the attack hardware and the hardware to prevent their own attack is such a great money-making scheme

    You should look up Hak5 (makers of these) on YT, it’s used to teach and train (hopefully) ethical hackers and they have a great YouTube channel. I myself train to become a legal hacker and Hak5 and Shannon Morse are just great. It’s very important for pentesters, for example, and you can build your own bad-usb from an Arduino Digispark :P

    Don’t you know, ethical hacking is actually a thing and it’s legal. Ethical hackers are employed by the government to hack and see loopholes in major companies’ databases. The job has been around for a while.

    Just watched. It’s like an easy to use Trojan. Might grab the lightning USB cable. Love the self-destruct feature. Impressive stuff.

    Hak5 is quite an insane hacking group.

    Been watching Hak5 for years and keeping my eyes on these, they’ve been getting more and more advanced as the years go by! I’m glad a big tech channel has brought this to the attention of people less aware.

    Yes. Always purchase from reputable companies through the proper channels. I don’t mess around with after market plugs or cables. I know most are safe, I just don’t take these types of risks.

    These videos simultaneously scare and reassure me. I’m alarmed to see a new threat, but then Arun’s comforting delivery takes the edge off the topic, and the way he offers tips on how to protect yourself shows how much he cares about his viewers. I’ll be sure to get my cables from a reputable source, even if it costs more.

    I have severe anxiety, so channels like his make adapting to current threats much easier. Thank you, sincerely.

    Arun : “this is a family friendly tech channel!”

    Also Arun : “all I need to do is approach from behind, to slip it into the back, and execute a payload”

    I appreciate Arun’s ability to somehow fit in a rickroll and a “that’s what she said” joke into every video, even the more serious ones!

    This video is a reminder to never check that “always signed in” or “remember me” button, also use 2FA please. This video is absolutely terrifying and most likely spawned as many hackers as people it saved. A true catch-22, but I’m still glad you put it out to remind us to stay humble and keep on our toes.

    I found an iPhone charger wire in Manhattan on a bush sometime last week, now I’m scared that it may be one of those wires lol.
    Got to check thoroughly again, but it looks perfectly the same, so I should be safe….. Or am I? :o

    Thank you for spreading awareness about these. When I try to tell many people about attacking hardware, very few take me seriously. They think I’m paranoid for carrying battery packs, not using public wifi, not using used USBs, or other memory devices, etc. I wasn’t fun in school.
