USB attacks are so dangerous – IMTEST

If you take your eyes off your notebook for just a moment while on the go, there is a risk that a hacker will launch an attack via the USB port. The attack works even when the laptop is in low-power mode. All the hacker needs is a so-called BadUSB tool. Anyone can buy devices with weird names like USB Ninja or Rubber Ducky in online stores, completely legal.

Dangerous charging cables

USB Ninja are primed charging cables, also known as OMG cables (Oh my God cables) due to their hacking properties. Attackers hook up the cable with a request, for example, to charge the smartphone. The electronics hidden in the cable then allows them to steal data from the computer stealthily while it is charging.

USB Ninja
Anyone Can Buy: UBS Ninja Cables To Steal Data © MIRACLE

USB sticks with malware

Rubber Ducky, on the other hand, is a kind of programmable mini PC that looks like a large memory stick. But don’t let the funny look fool you. It can be prepared, for example, with a parasite that is automatically installed during docking. Such devices are not only commercially available. There are a lot of instructions on the internet on how to make your own parts for a few dollars, for example for USB Kill. When this weapon is docked into a computer’s USB port, it uses electric shocks to fire through the motherboard in seconds. The result is usually a total loss.

Ducky rubber USB stick
Attention duck: Rubber duck sticks allow for different attack possibilities. © IMPEST

Every USB stick carries a risk

Last but not least, commercially available memory sticks can also be misused for attacks. Cybercriminals prepare them in such a way that they launch malware themselves when attaching or opening a file stored on the stick. These are, for example, backdoor Trojans that open a backdoor for remote control of the PC. Optionally, spy programs or ransomware can also be used.

USB stick virus warning

Again and again, viruses and other malware reach PCs via external data carriers. This minimizes the risk of infection.

Curiosity beats reason

Another wicked scam is not to actively engage the stick by yourself, but simply to “place” it in a specific area, for example on a company premises. This means that attackers simply drop the prepared USB stick in the canteen or parking lot in hopes that a curious employee will find the stick and plug it into a corporate computer to view files. Amazingly, this works 98% of the time, according to a University of Illinois study.

How to protect yourself from USB attacks

  • Find a USB stick of unknown origin, throw it away, or leave it lying around. There is a risk that the USB stick has been loaded with malware.
  • Never lose sight of your notebook, smartphone or tablet on the go. Leave the devices in a safe place when you are not around. There is a particular danger in public places such as train stations and airports.
  • Never use an unknown charging cable to charge your notebook or smartphone. It could be an OMG cable.
  • Do not allow strangers to charge the smartphone on your notebook.
  • If you travel regularly with your notebook, protect free USB ports with a USB port lock. These are available from around 15 euros (10 pieces) from online retailers such as Amazon.
USB Castle
These USB locks block free USB ports and can only be removed with the appropriate key. © Lindy

Leave a Comment