Harmless-Looking USB Cable Could Be Used as Attack Method, Researchers Say
An innocent-looking USB cable could actually be a tool for a hacker to take control of a mobile device, at least in theory.
That’s the essence of a new report from researchers at George Mason University.
George Mason professor Angelos Stavrou and some colleagues used an Android smartphone to launch a covert attack, but Stavrou said that any smartphone could be vulnerable when synchronizing to a computer or even just plugged into a charger. Once a cable is compromised, Stavrou said, it can attempt to act as an input device. Like a mouse or keyboard, it can then send signals to take control of a connected computer or phone.
The attack vector is especially pernicious because users aren’t even thinking they might be vulnerable.
“The typical user inherently trusts the connection when hooking up devices using a USB cable because they think they know what it is supposed to do, and they own the two connecting devices,” says Stavrou in a blog post. “Attacks through USB cables haven’t been seen before, so there are no defenses in place to prevent or even detect them.”