#BeAware: Nothing is impossible

18. September 2019

It is widely known that attackers can manipulate USB memory sticks, computer mice or presenter sticks in order to compromise computers or entire systems.

Not many people are aware, however, that this also works with charging cables. From the outside they look normal, but have been manipulated so that a computer will recognize them as an input device instead of a charging cable.

When using such a cable to connect your smartphone with a computer, a tiny circuit board that was built into the plug can send keystrokes to the computer. By doing that an attacker can open malicious websites or obtain access to a specific network.

What are the consequences for users? First of all: Hands off anything that wasn’t issued by your internal IT department or bought from a reputable supplier. Please be careful with freebies and giveaways or better, don’t accept anything at all. Attackers have no inhibitions to exploit such situations: In the past, listening devices have been found in pens or business card holders, for example.


About #BeAware:
We all know them from our daily work: security tips, the latest virus reports, horror stories from the world of cyber security. With #BeAware, usd security awareness experts would like to help you understand these messages. The articles highlight relevant IT security issues and the most common methods used by hackers and criminals, and give tips on what anyone can do to protect themselves and their company. For more security.

Also interesting:

Software Security: Requirement and Threat Analysis

Software Security: Requirement and Threat Analysis

In practice, it is not an easy task for manufacturers to continuously integrate a strong security mindset into complex software projects. In our blog series, Stephan Neumann, Head of usd HeroLab, and Torsten Schlotmann, Head of PCI Security...

Security Advisory for VMware Workspace ONE Intelligent Hub

Security Advisory for VMware Workspace ONE Intelligent Hub

Our usd HeroLab pentesters have identified a vulnerability in VMware Workspace ONE Intelligent Hub software while conducting their security analyses. It is a Hidden Functionality / Backdoor (CWE-912) and affects the versions 21.01.0.24 (Android) and 21.01.0 (build...

Security Advisory 11/2021

Security Advisory 11/2021

The usd HeroLabs pentesters have identified vulnerabilities in various products of well-known manufacturers while conducting their security analyses. These include the CVE database from the open source software company SUSE, an appliance from Sophos that is used in...

Categories

Categories