Back in 2014 Black Hat Conference, crypto specialists Karsten Nohl and Jakob Lell introduced the concept of BadUSB — a USB security flaw which allows attackers to turn a USB into a keyboard which can be used to type in commands.
Now, a researcher from SYON Security has managed to build a modified USB charging cable that will enable hackers to transfer malware on your PC without you even noticing it. Behind the hood is the BadUSB vulnerability.
Calling it USBHarpoon, the cable is based on an alternative chip and a different firmware. Shockingly, the charging cable can be used with many smartphones and other devices as well.
According to the German news website WinFuture, once the manipulated USB is inserted via the HID, the offender can send off malicious codes like Trojan or any other virus to the device. Windows, Linux and Mac, all three are vulnerable against the attack.
Previously, USB cable used to stop the charging capacity upon implementing BadUSB which introduced the possibility of making the victim suspicious.
On the other hand, pushing commands on Windows would start prompt cmd which would anyway alert users. Therefore, Vincent Yiu and his research team are working on a way that triggers the attack while the victim is away from the device.
While BadUSB is gradually climbing the ladder towards the mainstream cyber attacks, people are also coming up with the corresponding firewalls to tackle the new age attacks.