The team was composed of Olaf Tan and Dennis Goh of RFID Research Group, Vincent Yiu of SYON Security, and the popular Kevin Mitnick.
The USBHarpoon takes inspiration on the BadUSB project built by researchers at Security Research Labs lead by Karsten Nohl.
Nohl demonstrated that to turn one device type into another, USB controller chips in peripherals need to be reprogrammed. Unfortunately, many USB controller chips, including those in thumb drives, have no protection from such reprogramming.
USBHarpoon leverages on a charging cable instead of a USB drive to make the dirty job and hack into a computer.
The cable was modified to allow both data and power to pass through, in this way it is impossible for a victim to note any suspicious behavior.
A weaponized charging cable is not a novelty, a security researcher that goes online with the Twitter handle MG posted two videos that show the BadUSB cables he has built. The cable allows MD to carry out HID attacks when plugged into a computer’s USB port.
Mitnick asked MG to build a cable for him to use in a keynote speech to demonstrate new attack methods, but he did not receive it in time for his speech.
Mitnick contacted the researcher Dennis Goh to build a cable to use in the attack, then Goh accepted and worked with Olaf Tan to build the USBHarpoon.
Once MG has seen the USBHarpoon, commented that the cable is the same he designed which images he shared with Mitnick.
Yiu confirmed that his cable was not inspired by the MG’s research, anyway he credited the original work from MG once he learned about it.
The USBHarpoon works on unlocked machines, it allows the attackers to launch commands that download and execute a malicious code.
Yiu published a short video to show how USBHarpoon works. The video PoC shows a drone connected to a Windows PC and sends it commands to list content in a folder on the system drive.
Experts noticed that on Windows, the commands are launched within the Run prompt, while on Mac and Linux they are launched from a terminal.
The attack is any way visible to the owner of the machine, for this reason, to make the attack stealth it is necessary to devise a method to hide the interaction with the system, for example, to run the attack when the victim is not around the machine.
The team of researchers is currently searching for methods to trigger the attack in a stealthy way, for example, involving as attack vectors Bluetooth and radio signals.
As mitigation, the experts suggest the adoption of USB condoms, also known as data-blocking device that works by blocking the data pins on a USB cable.
Anyway, MG published a video PoC that shows how USB condoms can be bypassed as well.
USBHarpoon is the demonstration that USB devices can be used as attack vectors difficult to detect.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – USBHarpoon , BadUSB)
[adrotate banner=”5″]
[adrotate banner=”13″]
Qualys warns of two information disclosure flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise…
Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread…
The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major…
ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its…
Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats…
Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a…
This website uses cookies.
