Charging cable instead of memory stick: attacks on the usb interface

Charging cable instead of memory stick: attacks on the USB interface

Almost every user woman is that it is a bad idea to use found usb memory sticks – too often hackers have praporized them. But also charging cables are now an attacking method, as bastian bauer explains in the current ix 7/2020.

The article introduces the new exploit tool usbninja. Turned as a usb power source for the smartphone, so you can take a system with remote control from a secure distance. Basis, as with other peripherals, is previously the badusb attack, which can handle the permissions and established security policies.

Origin of the usbninja is a crowdfunding campaign of the rfid research group. Penetration testers receive such an attack tool in a new robe, because awareness-raising against traditional badusb periphery shows effect in companies. In addition to the charging cable, a remote control and a magnetic ring are included in the package. Uber the latter is called the developer mode.

Section of the software can be written to payloads with the arduino ide and the programming language c. Example projects are included in the package, the article explains the first steps for test attacks.