Researcher created a malicious USB cables that remotely control macOS devices

Have you ever thought that the USB cables you use may be embedded in malicious modules? Some researchers have used the manual method to create USB cables with WiFi control. This USB cable is no different from the normal Android or Apple certified USB cables, but the internal structure of the cables has been changed and embedded in malicious modules. When you plug in this cable, the attacker can operate remotely, such as sending a remote command to open your browser to download malicious files.

Under normal circumstances, a desktop operating system such as Windows, macOS or Linux recognizes a USB device as a human-machine interaction device such as a mouse and keyboard. Therefore, an attacker can perform remote operations like a mouse and a keyboard, and the command can be executed regardless of whether the device is locked or not.

Usually, the operating system will automatically lock after no operation, but this malicious USB cable can prevent the system from locking by sending a meaningless button. After the user leaves the device, it can be remotely controlled, such as downloading the malicious module and running it and then performing more operations through this malicious.

https://twitter.com/_MG_/status/1094389042685259776

Researcher @_MG_ is the inventor of this type of USB data cable. In the past few months, _MG_ has completed the module embedding by unpacking the wire and manually polishing the PCB. The automatic connection through the preset WiFi hotspot allows the attacker to remotely control, and the network can only connect to the present wireless network such as the public access point. Even so, it can be used to launch targeted attacks against target users, as long as the target user connects a malicious USB cable to the computer in the designated area.

The researchers said the project cost a total of $4,000 and more than 300 hours, for which it also spent $950 to buy a professional-grade bench-top milling cutter. Since there is no experience in PCB design and cutting experience, the researchers made dozens of different PCB boards and made several modifications.

Although the initial research and development costs are higher, the cost of mass production is relatively low, many users are surprised by the quality of the chips that MG has made by hand. At present, PCB manufacturers contact MG and hope to cooperate in production. MG also recruits many researchers to complete the code level. MG said it hopes to produce such USB cables in the future and sell them to other researchers for security testing and to improve the security defenses.