USBHarpoon: How “Innocent” USB Cables Can Be Manipulated To Inject Malware
A researcher from SYON Security has managed to build a modified USB charging cable that will enable hackers to transfer malware on your PC without you even noticing it. Under the hood is the infamous BadUSB vulnerability.
Back in Black Hat Conference 2014, crypto specialists Karsten Nohl and Jakob Lell introduced the world with the concept of BadUSB — a security flaw that enabled attackers to turn a USB into a keyboard, ergo typing in malicious commands.
Labeled as USBHarpoon, the cable is based on an alternative chip and a different firmware. Shockingly, the charging cable can be used with many smartphones and other devices as well.
According to the German news website WinFuture, once the manipulated USB is inserted via the HID, the offender can send off malicious codes like Trojans or any other virus to the device. The site mentions – Windows, Linux and Mac, all three are vulnerable against the attack.
Previously, USB cable stopped the charging capacity upon implementing BadUSB which always introduced the possibility of making the victim suspicious.
Although pushing commands on Windows will prompt cmd nevertheless alerting users, Vincent Yiu and his research team are working on a way that triggers the attack while the victim is away from the device.
While BadUSB is gradually climbing the ladder towards the mainstream cyber attacks, people are also coming up with the corresponding firewalls to tackle the new age attacks.