The latest security research project has led to a USB cable so malicious that it can be used for just about any kind of attack.
We’ve written before about Kevin Mitnick, KnowBe4’s Chief Hacking Officer demonstrating a malicious USB cable. Despite the possibility, until now, there had only been a single known manufacturer of such a cable.
But a new cable has recently come to light – one developed by security researcher Mike Grover. Mike’s personal project is rather sophisticated in comparison to the cable shows previously by Kevin. Grover’s cable – which looks normal to the user – contains a Wi-Fi chip and is detected as a Human Interface Device.
Credit: Mike Grover / Twitter
His cable can be remotely controlled, making it possible to inject commands onto the victim machine, including:
- Keystroke logging
- Downloading of malware
- Installation of Remote Access Trojans
- Opening of fake websites to harvest credentials
- And more
While Grover’s intentions appear to be white hat – he mentions offering these to security researchers – the presence of yet another cable shows how very possible it is for attackers to infiltrate an organization with little more than a seemingly benign piece of hardware.
Users undergoing frequent Security Awareness Training are taught to be watchful for anything suspicious – which includes cables lying about.