New Evil USB Cable Shows How Attacks Can Leverage Physical Hardware

The latest security research project has led to a USB cable so malicious that it can be used for just about any kind of attack.

We’ve written before about Kevin Mitnick, KnowBe4’s Chief Hacking Officer demonstrating a malicious USB cable. Despite the possibility, until now, there had only been a single known manufacturer of such a cable.

But a new cable has recently come to light – one developed by security researcher Mike Grover. Mike’s personal project is rather sophisticated in comparison to the cable shows previously by Kevin. Grover’s cable – which looks normal to the user – contains a Wi-Fi chip and is detected as a Human Interface Device.


Credit: Mike Grover / Twitter

His cable can be remotely controlled, making it possible to inject commands onto the victim machine, including:

  • Keystroke logging
  • Downloading of malware
  • Installation of Remote Access Trojans
  • Opening of fake websites to harvest credentials
  • And more

According to his webpage, the next iteration seeks to leverage a JavaScript, which opens up the possibilities of what a cable like this can do – including monitoring the victim machine for inactivity (the perfect time to strike), and silently compromising it without the user’s knowledge.

While Grover’s intentions appear to be white hat – he mentions offering these to security researchers – the presence of yet another cable shows how very possible it is for attackers to infiltrate an organization with little more than a seemingly benign piece of hardware.

Users undergoing frequent Security Awareness Training are taught to be watchful for anything suspicious – which includes cables lying about.

Topics: Computer Security

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Recent Posts

Get the latest about social engineering

Subscribe to CyberheistNews