From this word onward avoid using a USB cable which is NOT owned by you. An ordinary looking USB Cable bearing all the markings of an official Apple charging cable or for an Android device might have an embedded Wifi module hidden , which will takeover your machine once you connect to it.

MG, The creator of Mr Self Destruct and Bad USB Cables came up with OMG Cable (Offensive MG Kit) where an ordinary looking USB cable is capable of connecting to a WiFi network and may compromise your machine. These attacks are known as HID (Human Interface Device) Attacks:

The HID is a scenario where an attacker takes a programmable embedded development platform and an associated package and creates a USB device which when plugged into a computer will execute a pre-configured set of keystrokes to drop a malicious payload onto the target computer

Mr Self Destruct and Bad USB Cables , What ?

What is Mr Self Destruct

A USB device capable of injecting a payload , which can either be a keylogger or just be used to mess up your device before the USB device self destructs , yeah literally burns.

Mr Self Destruct initial Test  - Mr Self Destruct initial Test - WiFi embedded in USB Cables might Hack You
Demo of an overcharge in Mr Self Destructs initial Test

You could even have the Mission Impossible sort of self destructs if that is your thing , although that would not serve any purpose

You can read about the whole Mr Self Destruct Project on authors official website.

What is a Bad USB Cable

MG’s obsession with USB devices and cables made him practice and more stuff and as he did that he shared his findings with the word. A Bad USB Cable is a simple USB cable with a malicious code embedded in it , while the cable still works as it is intended to work i.e. charge an iPhone or even an iMac. Once a Bad USB Cable is plugged in device it would execute the payload already programmed on it. Bond Stuff ? well Spy Cables are a thing of reality. A demo of the same you can see in the video below where the attack is carried out by Apple Lightening Cable while the cable charges the iPhone too.

I had to explain about the Mr. Self Destruct USB and Bad USB Cables before coming to the main attraction of this post …

Hidden WiFi in USB Cables

The above two examples would have moved you in your chairs but now imagine you plug-in a USB cable and it spawns a back connection and someone start controlling your machine remotely, while the USB Cable we talking about would be as real as any Apple cable can get. See this video to get the idea of what I am saying

You can follow the project page at O.MG Cable , although at the time of writing the developer hasn’t shared the project details and left it with a note saying

I spent about solid weeks chasing this project as a way to also pick up a bunch of new skills. I will be publishing information related to much of that. (using the mill to get this level of detail, etc)

I am sure , the same will be updated in coming days for our consumption.

MG also plans to get these handed out to people who may be requiring these , again he has not worked out the details of mass manufacturing but I am sure if he can get in touch with Scotty Allen , The China iPhone guy could help him out – although they both are from a very separate industry. Let see how the project is revealed nonetheless it is another extra ordinary built-up which would have dynamic utilization by all sorts of tech folks.

Conclusion

Stop using cables and USB devices which aren’t yours, Buy one or be prepared for what you have read and seen above. IT Administrators would need to enforce better policies to ensure such malicious devices do not end up on their networks while also educating their users on what to expect.

While it is worthy to mention the work done by MG is brilliant and you all should follow him @_MG_ so you may keep in touch with his future projects.

What do you think about the Project ? and Will you make a change in your USB-Cable Policies after knowing it is this cable to compromise your devices. Do you think such projects and concepts would be used for malicious purposes ?





Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here