USB Ninja Cable Attack

A malicious version of a USB charging cable has been built compromising a computer in just a few seconds. Once the USB cable is plugged in, it turns into a peripheral device capable of typing and launching commands.

Its makers of several computer security specialists call it USBHarpoon. Researchers have shown an attacker being able to reprogram the controller chip of a USB drive and make it appear to the computer as a human interface device (HID) which can be anything from an input device like a keyboard that issues a rapid succession of commands, to a network card that modifies the system’s DNS settings to redirect traffic.

Replacing the USB drive with a charging cable, users are less likely be aware of. Modified connectors of the cable allow both data and power to pass through. Any type of device that powers through USB can be effected without raising suspicions about plugging the cable.

Now Kevin Mitnick, KnowBe4's Chief Hacking Officer wrote: "I’m excited to share the new #USBNinja cable that uses Bluetooth to command the malicious cable to inject its payload onto a targeted machine. The transmitter range is up to 100m depending on the antenna used.

Mitnick continued with: "My sincere congrats to Olaf, Dennis, Vincent Yiu and the rest of the RFID Team for such brilliant work. This work was borne out of the NSA’s COTTONMOUTH project disclosed by Edward Snowden. For those that are interested in the #USBNinja cable, this was formally codenamed USBHarpoon."

Here is a link where you can see this brand new attack video yourself. Have fun and shiver:
https://blog.knowbe4.com/knowbe4s-chief-hacking-officer-kevin-mitnick-demonstrates-the-usb-ninja-cab...