Microcontrollers in the connector spy on the computer
Most people know that you should be careful with USB sticks. Inserting foreign sticks into the computer always involves a certain security risk. But that was it for most of them with vigilance. Anyone who understands a little more about computers and, above all, about USB problems, knows that it is basically possible to hide a microcontroller in the USB connector. The cable then still looks like an ordinary USB cable. But the microcontroller turns it into a deceitful break-in tool. This principle of the Bad-USB, as it is called at https://www.itsb.ruhr-uni-bochum.de, caused quite a stir a few years ago. It is always best to use your own cable that comes from a trustworthy cable shop, such as https://www.allekabel.de/, which are now also available in Germany.
Ninja USB cable – communicates wirelessly with the outside world
The so-called ninja USB cable with a hidden microchip is different from normal cables. The chip communicates wirelessly with the outside world. With a command via the Bluetooth interface, it is possible to give instructions to the Ninja-USB. Then it uploads espionage or hacking software, for example. A small magnet unlocks the device.
A well-known hacker is behind it
The cable was developed by Mike Grover. He is a well-known security researcher and hacker who caused a stir a few years ago when he launched the O-MG-Cable (Offensive Mike Grover Cable). It looks 100 percent like the USB-C to Lightning cable from. There are millions of these cables. Mike Grover’s cable is prepared. It can be used as a keylogger that records every keystroke someone makes on their PC. The chip sends the data on. A WLAN hotspot for sending data directly is also built in.
This allows the hacker to steal passwords and access data.
Mike Grover’s first cable was still a USB-A to Lightning cable. There was more space in the larger connector to accommodate all of the necessary components. USB-C is much smaller. The hacker has now succeeded in integrating the necessary components into a much smaller rum. So that the attacker remains undetected, the system has a self-destruct mechanism, which is also triggered if the cable is not used on the desired device. A geofencing function ensures that the espionage function is only activated in a certain area. If it leaves this area, it switches itself off automatically.
When connecting the cable to a PC, the cable registers as an input device. The PS normally do not make any inquiries for this, so that the spy remains undetected. The chip doesn’t just work as a keylogger. It can also be programmed to display phishing pages for easy access to passwords. The function even goes so far that an attacker can enter data on the target computer. If the appropriate antenna is used, the range is around 1.6 km. Attacks are also possible from a great distance because a radio chip is integrated. The cable can log into local WLAN networks as a client, provided the cable remains stuck in the computer and is supplied with power. The cable can be bought in hacking shops.
Cable has to be activated first
Only when the cable is activated does it become a spy. In the inactive state, it does what all USB cables do and behaves like a normal cable such as are available in thousands of stores. The cable, when activated, can smuggle in commands and behave humbly without causing damage or like a torpedo that destroys everything. It depends on the user’s intentions, which can be good or bad. Anyone who has bought the cable can use it however they want and do whatever they want with it.
Also ideal for the police and authorities
The cable can be connected to any computer. The firewalls do not recognize it as an intruder. The cable is already well known to the police. Ninja is Japanese for spies who work with espionage, sabotage, murder, guerrilla warfare and infiltration.
It is not easy to protect yourself against it. Disabling the USB ports on a computer is an impractical solution. Many other devices are also connected to the computer via USB. Whitelisting can reduce the attack surface. But there is no such thing as 100 percent protection. Since the user can also change the hardware ID, the cable can be configured in such a way that it is recognized as a known mouse or keyboard. The best protection against attacks is vigilance.
Figure 1: Pixabay © esariutta (CC0 Public Domain)
Figure 2: Pixabay © felixmittermeier (CC0 Public Domain)
Figure 3: Pixabay © readyelement (CC0 Public Domain)