USBHarpoon a look-like charging cable that can hack into your computer

A team of security experts has devised a rogue USB charging cable named USBHarpoon that can be used to compromise a computer in just a few seconds.

The team was composed of Olaf Tan and Dennis Goh of RFID Research Group, Vincent Yiu of SYON Security, and the popular Kevin Mitnick.

The USBHarpoon takes inspiration on the BadUSB project built by researchers at Security Research Labs lead by Karsten Nohl.

Nohl demonstrated that to turn one device type into another, USB controller chips in peripherals need to be reprogrammed. Unfortunately, many USB controller chips, including those in thumb drives, have no protection from such reprogramming.

USBHarpoon leverages on a charging cable instead of a USB drive to make the dirty job and hack into a computer.

The cable was modified to allow both data and power to pass through, in this way it is impossible for a victim to note any suspicious behavior.

A weaponized charging cable is not a novelty, a security researcher that goes online with the Twitter handle MG posted two videos that show the BadUSB cables he has built. The cable allows MD to carry out HID attacks when plugged into a computer’s USB port.

Mitnick asked MG to build a cable for him to use in a keynote speech to demonstrate new attack methods, but he did not receive it in time for his speech.

Mitnick contacted the researcher Dennis Goh to build a cable to use in the attack, then Goh accepted and worked with Olaf Tan to build the USBHarpoon.

Yiu confirmed that his cable was not inspired by the MG’s research, anyway he credited the original work from MG once he learned about it.

The USBHarpoon works on unlocked machines, it allows the attackers to launch commands that download and execute a malicious code.

Experts noticed that on Windows, the commands are launched within the Run prompt, while on Mac and Linux they are launched from a terminal.

The attack is any way visible to the owner of the machine, for this reason, to make the attack stealth it is necessary to devise a method to hide the interaction with the system, for example, to run the attack when the victim is not around the machine.

The team of researchers is currently searching for methods to trigger the attack in a stealthy way, for example, involving as attack vectors Bluetooth and radio signals.

As mitigation, the experts suggest the adoption of USB condoms, also known as data-blocking device that works by blocking the data pins on a USB cable.

Anyway, MG published a video PoC that shows how USB condoms can be bypassed as well.

Pierluigi Paganini

(Security Affairs – USBHarpoon , BadUSB)

[adrotate banner=”5″]

[adrotate banner=”13″]