It has been reported that recently, a hacker devised a way to control a person’s smartphone – through their USB cable they use to charge their smartphone. The hacker, who works at Verizon Media and goes by the Twitter handle @_MG_, created the tool to highlight outstanding security risks surrounding modern technology. To do this, he took a standard Apple USB Lightning cable and altered it with a small, almost invisible to the naked eye, Wi-Fi enabled implant. This allows other unauthorized parties to access the said device and, potentially wreak havoc by sending phishing pages to the victim’s screen.
How It Works
The rigged cable is stealthy because it looks exactly like a standard Apple USB Lightning cable. Once an unsuspecting person plugs it in, extra components inside of the cable remotely connect the cyber criminal to the device. This cable is embedded with scripts and commands which are ready to run on a victim’s device in order to allow the hacker to assume control of a smartphone or laptop. They can also ‘kill’ the USB implant, which erases evidence of its use.
What Does It Look Like?
It looks like a legitimate USB cable and works just like a normal one. Sometimes, not even your computer will notice a difference. Until an attacker, wirelessly takes control of the cable.
As the unsuspecting victim is charging their smartphone, It’s like the hacker is using their tools as if they are sitting at the keyboard and mouse of the victim- without actually being physically there.
The hacker unveiled his project at the annual Def Con Hacking Conference in Las Vegas, Nevada, explaining that he spent thousands of dollars in the process, with each altered cable taking up to four hours to make.
Although this exercise was focused on an Apple product, ultimately the brand doesn’t matter because any cable can be altered in the same shifty way; Wi-Fi-enabled implants are small enough to be used in accessories issued from every other smartphone brand you can think of.
The hacker said that he altered an Apple cable specifically because they happen to be the most difficult to implant in order to prove the capability and functionality of the hack.
As IT professionals, we here at GCS IT are here to inform you in the hopes that everyone will be more careful in using charging cables.
We advise you not to plug in random flash drives these days, but most people aren’t expecting a cable to be a threat
THE MOST COMMON TYPES OF VIRUS
Just as everyone needs to be cautious with which cables they use, so too should everyone be careful with which sites they visit on their devices; anyone can get hacked just by clicking an infected site! Here are ten digital infections that can harm your device when you’re looking at malicious pages, social media pages, and or adult content.
- Trojans – They can masquerade as innocent programs, but they carry a harmful payload.
- Drive-by downloads – Cybercriminals look for insecure web sites and plant a malicious script into the code on the pages. These take advantage of any unpatched applications on your computer and infect them automatically
- Click-jacking – Click-jacking involves tricking someone into clicking on one object on a web page while they think they are clicking on another. Click-jacking can be used to install malware, gain access to a victim’s online accounts or to enable their webcam.
- Tinder bots – These are automatic programs designed to masquerade as real people on a dating site to lure users into clicking on them, with the aim of tricking the victim into disclosing confidential data.
- Cat-Phishing – This is when cyber criminals pose on dating sites or chat rooms, encouraging people to click on the links for live chats or images.
- Ransomware – Cyber criminals use ‘blockers’ to stop the victim accessing their device, often telling them this is due to ‘illegal pornographic content’ being identified on their device. Anyone who has accessed porn online is probably less likely to take the matter up with law enforcement.
- Worm – This is a program that replicates, but does not write its code to other files; instead, it installs itself on a victim’s device and then looks for ways to spread to other devices quickly.
- Porn-ware – This could be a legitimate program, but might actually have adware/malware installed by another malicious program, designed to deliver inappropriate content to the victim’s device.
- Spyware – Software that enables an attacker to secretly obtain information about the victim’s online activities and transmit it from their device unbeknownst to the victim.
- Fake Anti-virus – Fake anti-virus programs prey on people’s fear of malicious software which they believe may have been installed whilst visiting malicious websites including but not limited to adult sites.
Are you protected from Cyber Attacks & Hacks? As El Paso’s leading Managed Service Provider, we specialize in Cyber Security to ensure your data and your business are protected; we provide proper Cyber Security Training so that you & your employees can recognize a red flag when you see one! Should your business require HIPAA Compliance, we also have Cyber Security measures for that as well.