#BeAware: Nothing is impossible

18. September 2019

It is widely known that attackers can manipulate USB memory sticks, computer mice or presenter sticks in order to compromise computers or entire systems.

Not many people are aware, however, that this also works with charging cables. From the outside they look normal, but have been manipulated so that a computer will recognize them as an input device instead of a charging cable.

When using such a cable to connect your smartphone with a computer, a tiny circuit board that was built into the plug can send keystrokes to the computer. By doing that an attacker can open malicious websites or obtain access to a specific network.

What are the consequences for users? First of all: Hands off anything that wasn’t issued by your internal IT department or bought from a reputable supplier. Please be careful with freebies and giveaways or better, don’t accept anything at all. Attackers have no inhibitions to exploit such situations: In the past, listening devices have been found in pens or business card holders, for example.


About #BeAware:
We all know them from our daily work: security tips, the latest virus reports, horror stories from the world of cyber security. With #BeAware, usd security awareness experts would like to help you understand these messages. The articles highlight relevant IT security issues and the most common methods used by hackers and criminals, and give tips on what anyone can do to protect themselves and their company. For more security.

Also interesting:

PCI DSS v4.0: INFI Worksheet Discontinued

PCI DSS v4.0: INFI Worksheet Discontinued

The Payment Card Industry Security Standards Council (PCI SSC) announced it is discontinuing the Items Noted for Improvement (INFI) Worksheet. INFI, a template for documenting items for improvement, had been introduced with PCI DSS v4.0. Effective immediately, QSAs...

The Surprising Complexity of Finding Known Vulnerabilities

The Surprising Complexity of Finding Known Vulnerabilities

IT security professionals need an efficient and reliable solution for identifying known vulnerabilities in a software product, given its name and version. Our colleagues at usd HeroLab place high demands on such a solution. They evaluated several available solutions...

Categories

Categories