Security risk through USB cable attacks
USB has brought many benefits to computer users. Actually, the inventors and companies involved should be awarded medals. Tangles of cables with incompatible plugs, sockets and formats have steadily become obsolete since the introduction of the USB standard. It is easy to forget how spoiled we are today, where the greatest inconvenience is probably the lack of backwards compatibility for Type-C connectors. However even the best ideas have their pitfalls, as does USB. We all know that USB sticks can contain malware. Up-to-date anti-virus software and handling storage media appropriately is the best way of mitigating this risk. However, many of us are probably less aware of the risks posed by public charging points which are becoming more commonplace. More incidents are being reported where public charging points were used to distribute malware via the USB port in addition to electricity.
Technically this is easily achieved as the communication on the USB bus runs practically without any security measures. Efforts to authenticate via the bus (type C and higher) primarily serve to match the current strength of the load and source. Meanwhile, USBHarpoon has been developed to package exploits into a stylish and innocuous form. Security researchers led by Vincent Yiu have modified and mass-produced a charging cable capable of carrying a malicious payload. USBHarpoon has Micro USB and Lightning connectors and uses custom firmware to connect to a computer as a human interface device (HID). According to Yiu’s blog, the cable can send automated commands to install malicious software. The USBHarpoon cables are indistinguishable from a standard charging cable.
Yiu’s concept is based on the BadUSB approach first reported by German security researcher Karsten Nohl in 2014. Cunningly, the cable can still be used to charge a device and Yiu and his team want to add additional features, including a switch that enables or disable attack mode. The researchers are also exploring the potential of injecting malicious code via Bluetooth. There are currently few methods of protection against this form of attack. The easiest way of securing device is using a USB sheath. These connectors are placed between the two the cables and only permit current through the positive and negative pin. Logically, these cables can only be used for charging. An elegant and practical solution is not generally available. In principle, manufacturers would have to add security features into the transfer protocol to secure data transmission. It doesn’t look like this will happen any time soon. All that remains is using a USB sheath and hoping that anti-virus software will do its job properly.