USB cables utilized for injecting malware seems an emerging threat that people would have to deal with. Last year, a researcher showcased the capability of USBHarpoon where “BadUSB” was sourced to transfer malware from an ordinary-looking USB cable.
This Sunday, a security researcher Mike Grover demonstrated something of a similar threat. As detailed on his own website, Grover built a USB-to-Lightning cable that resembled an ordinary cable, however, was fitted with a Wi-Fi chip. Therefore, it can behave like a Human Interface Device (HID) akin to a mouse or keyboard.
This Offensive-MG Cable (OMG) can be used to inject malicious payloads on a device remotely through a smartphone. Moreover, the USB cable can be connected on any nearby Wi-Fi or a cellular hotspot for executing commands.
According to the researcher, the OMG cable has the capability to initiate de-authentication attacks on 802.11, reflash the system firmware, steal victim’s passwords and more.
You like wifi in your malicious USB cables?
The O•MG cable
(Offensive MG kit)https://t.co/Pkv9pQrmHt
This was a fun way to pick up a bunch of new skills.
— _MG_ (@_MG_) February 10, 2019
Grover told PCMag that he is planning to mass produce malicious USB cables and put them up for sale, apparently for the right reasons. “Getting this cable into the hands of other researcher allows new uses and attacks to be explored,” said the researcher.
His demonstration further highlights the massive dangers of buying or using false USB peripherals. While conventional operating systems still have not taken a security measure, a user can look for a “USB Condom”; A device that only allows the USB cable to exchange power and not data.