Olaf Tan and Dennis Goh of RFID Research Group, Vincent Yiu of SYON Security and Kevin Mitnick have developed a new rogue USB charging cable named USBharpoon which can be used to compromise a computer in just a few seconds. The USBHarpoon takes inspiration from the BadUSB Project built by Karsten Nohl from Security Research Labs.
Nohl has provided a demo that turns one device type into another by just reprogramming the USB controller chips which also includes thumb drives. These drives don’t have much protection from reprogramming.
The USBHarpoon leverages the charging cable instead of the USB drive to create a “code bomb”. The cable was modified by researchers to transfer both data and power which makes it difficult to notice any abnormal behaviour from the user.
The Security Researcher has posted two videos on Twitter
HID attacks via USB drives have become too suspicious. What about embedding the attack inside a USB cable?
Just a quick test for a few things I'm hoping to make over the next month. pic.twitter.com/3iNjLqXloW
— _MG_ (@_MG_) January 1, 2018
BadUSB Cable #2. HID attack through an Apple MacBook USB-C charger. Great for shared workspaces!
Build info coming this month. Still working out some things. These cables work on just about any device with a USB port (Mac/Win/Linux, phones too) pic.twitter.com/b6254FvpLY
— _MG_ (@_MG_) January 6, 2018
The Researcher has demonstrated that his BadUSB cable will work with the 24-pin USB-C connector which is used for MacBook chargers, the researcher also added that it will work on any devices with a USB port, including mobile devices.
@Mitnick originally asked the researcher Dennis Goh to build a cable to demo the attack, thus the USBHarpoon was born. The USBHarpoon once plugged in allows for commands to be launched which download and execute the malicious code in the victim’s PC. Yiu has also published a video that shows how the USB cable works on a Drone that is connected to a Windows PC. The experts have noticed that Windows Commands are launched in Run Prompt and the Mac commands are launched from the Terminal itself.
Take your time to comment on this article.