select
搜索
Search

Yu Yang Electronics

Location:
Homepage
Latest hacked USB data cable allows attackers to launch remote attacks over WiFi
Check category

Latest hacked USB data cable allows attackers to launch remote attacks over WiFi

  • Categories:Industry news
  • Author:
  • Origin:
  • Time of issue:2019-12-02 16:16
  • Views:

(Summary description)Just like the scene in the 007 movie, a new attack USB cable plugged into a computer could allow an attacker to execute commands over WiFi, just like using a computer keyboard.

Latest hacked USB data cable allows attackers to launch remote attacks over WiFi

(Summary description)Just like the scene in the 007 movie, a new attack USB cable plugged into a computer could allow an attacker to execute commands over WiFi, just like using a computer keyboard.

  • Categories:Industry news
  • Author:
  • Origin:
  • Time of issue:2019-12-02 16:16
  • Views:
Information

Just like the scene in the 007 movie, a new attack USB cable plugged into a computer could allow an attacker to execute commands over WiFi, just like using a computer keyboard.

 

When this special USB data cable is connected to a Linux, Mac, or Windows computer, the operating system treats it as an input device in a human-computer interaction device, and they can issue commands to the computer like a keyboard.

 

This USB data cable is made by security researcher Mike Grover. Its Twitter name is MG and it has a WiFi circuit board integrated on it. An attacker could remotely connect to a USB cable and execute commands or operate a mouse on the computer.

 

— MG (@MG) February 10, 2019

 

In an interview with BleepingComputer, Grover explained that when the USB data cable is plugged in, it is like a keyboard or a mouse. This means that attackers can enter commands regardless of whether the computer is locked or not. What's more frightening is that if the computer has a timed lock screen, you can use a certain configuration to make the USB data cable regularly control the computer to keep it activated.

 

Grover also told BleepingComputer that the WiFi chip in the USB data cable can be pre-configured to automatically return to the shell after the attacker connects to the WiFi network. This allows remote attackers to control the server even after the USB cable is unplugged.

 

According to Grover's blog post, this kind of USB cable-specific app for sending commands is being developed in cooperation. Developers also hope to port ESPloitV2 to USB data cables.

 

WiFi authentication attack

 

Grover finally told BleepingComputer that although using a USB condom can prevent attacks from human-computer interaction devices, it still performs WiFi authentication attacks.

 

WiFi deauth attacks can use deceptive MAC addresses to send deauthentication data frames to disconnect nearby wireless devices from access points.

 

Grover envisioned that the deauth attack could be performed when the attacker had plugged in a USB data cable but could not connect remotely. An attacker may be able to use this to physically transfer the target and see if a new attack opportunity is created.

 

Grover assumes the following scenario, "Although you are not in the range of WiFi access, but the target person is. With this USB data cable, you can make the target carry a hacker USB data cable to move in a certain area. It may only be for a certain camera It may be just a small raid. Imagine that all IT equipment in an office is suddenly disconnected from the Internet.

 

Researchers hope to sell this USB data cable

 

The USB cable is not currently sold, but Grover hopes to sell it to other security researchers in the future.

 

Grover told BleepingComputer that he spent about $ 4,000 and more than 300 hours researching the required WiFi module and adding it to the USB data cable. This is all done using a more junior workbench, which is generally not suitable for creating high-quality circuit boards in a DIY environment.

 

As a result, many users are surprised by the quality of Grover's boards, and even Banta, the maker of board workbenches, wants to know how Grover does it.

Scan the QR code to read on your phone

Dongguan Yuyang Electronics Co., Ltd.
粤ICP备11047430号
by:300.cn