Can someone hack through a laptop charger

Most users are aware that the user should not connect a USB stick to his computer. But what about a USB cable?

Take a look at the following picture: A normal USB cable, right?

 

Unfortunately, no! This inconspicuous USB cable is a hacking tool. If it is connected to a PC or notebook, it allows a hacker to take over these devices and steal data. The hacker can operate the cable with his cell phone from a safe distance via WLAN. The cable itself looks and works like any other data / charging cable. Only when the hacker starts an attack does the cable switch to keyboard mode and send normal keyboard commands. The attack takes place respectively on the PC. the notebook and not the connected device (e.g. mobile phone). Thus, no operating system is safe from the cable and it is hardly possible to detect this hacking tool. The principle is almost the same as with a USB Rubber Ducky, only that the USB charging cable can be operated remotely. That makes the cable even more dangerous.

Scenario: charging cable is exchanged

An attack could look like this: A charging cable is connected to a computer. The hacker exchanges this with the manipulated charging cable. The next time the user logs on to the computer and is inactive for a while, the hacker starts a script over the charging cable. Once plugged in, the malicious cable can download code unnoticed, which independently establishes a connection back to the hacker. He now has full control over the device. The hacker can at least do everything the user can do.

A fake lock screen can be loaded, for example, in order to gain access to the user's clear text password.

If the user now enters his password in order to log on to the system again, this is transmitted to the hacker at the same time. At the same time, the hacker is connected to the computer and has full control over the system.

As you can already read in the goSecurity BLOG: Underestimated Danger RDP Session, it is now only a matter of time before a higher privileged user (e.g. domain administrator) logs in, for example to help with a problem caused by the hacker the hacker can take over their permissions in the network.

Protecting yourself against it is not that easy. One possibility would of course be to deactivate all USB ports on the computer via the hardware. However, this is not really practical as other devices are also connected via USB. Whitelisting can reduce the attack surface. However, 100% protection cannot be achieved because the hardware IDs of the cables can be changed and these are then recognized like a familiar keyboard. The best protection remains to raise employees' awareness through regular awareness training. For this purpose, the organizational regulations, with a strict employee agreement, for the use of USB devices with company-owned devices are central.

Author: Marius Hamborgstrøm
In 2014 I managed to convince goSecurity of my talent. As an expert in penetration tests, I was able to uncover many vulnerabilities before a hacker could do it. I am also responsible for the design and implementation of our goTraining courses Hack to PROTECT (H2P) and Hack to PROTECT [ADVANCED] (H2PA). Through my years of experience as an IT manager in a medium-sized bank, I also know the side of the administrator and IT manager in an environment with high security requirements. From this box of experience, I can quickly understand the requirements of our customers, even during audits and comprehensive advice, and advise you in a targeted and practical manner. Finding every vulnerability in yours before someone else can is unfortunately not always realistic. And yet it is my drive and my claim.