Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    New Evil USB Cable Shows How Attacks Can Leverage Physical Hardware

    The latest security research project has led to a USB cable so malicious that it can be used for just about any kind of attack.

    We’ve written before about Kevin Mitnick, KnowBe4’s Chief Hacking Officer demonstrating a malicious USB cable. Despite the possibility, until now, there had only been a single known manufacturer of such a cable.

    But a new cable has recently come to light – one developed by security researcher Mike Grover. Mike’s personal project is rather sophisticated in comparison to the cable shows previously by Kevin. Grover’s cable – which looks normal to the user – contains a Wi-Fi chip and is detected as a Human Interface Device.

    QtiUm86v8-IEztKG

    Credit: Mike Grover / Twitter

    His cable can be remotely controlled, making it possible to inject commands onto the victim machine, including:

    • Keystroke logging
    • Downloading of malware
    • Installation of Remote Access Trojans
    • Opening of fake websites to harvest credentials
    • And more

    According to his webpage, the next iteration seeks to leverage a JavaScript, which opens up the possibilities of what a cable like this can do – including monitoring the victim machine for inactivity (the perfect time to strike), and silently compromising it without the user’s knowledge.

    While Grover’s intentions appear to be white hat – he mentions offering these to security researchers – the presence of yet another cable shows how very possible it is for attackers to infiltrate an organization with little more than a seemingly benign piece of hardware.

    Users undergoing frequent Security Awareness Training are taught to be watchful for anything suspicious – which includes cables lying about.

    Free USB Security Test

    Find out how your users will react to unknown USBs they find!

    On average 45% of your users will plug in USBs. Find out now what your user’s reactions are to unknown USBs, with KnowBe4's new Free USB Security Test. Download our special, "beaconized" file onto any USB drive. Then label the drive with something enticing and drop the drive at an on-site high traffic area. If an employee picks it up, plugs it in their workstation and opens the file, it will "call home" and report the "fail" to your KnowBe4 console. And for Office documents, if the user also enables macros (!), additional data is tracked and geomapped.

    USBHow your free 7-day USB Security Test works:

    • Fill out the form on the right, and immediately...
    • Download "beaconized" Word, Excel or PDF files
    • Copy to any USB Drive, label and drop it
    • Reports on opens and if macros were enabled
    • Takes just a few minutes to setup

    This is fun. Get your USB Security Test now!

    Test Your Users

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/usb-security-test

     

    Return To KnowBe4 Security Blog

    Topics: Computer Security

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews