Thursday, April 13, 2023

The Mail Room Guy and the USB Spy Cable

Someone "lost" a USB charging cable. You found it. Lucky you? Maybe not...

USB spy cables look exactly like legitimate ones... exactly. 

In this example, the competition has paid an inside employee (the Mail Room guy) to drop a few cables around certain parts of the corporate headquarters. They didn't tell him why. And, he doesn't care. Why should he? He gets $50 per cable dropped.

Once plugged in, the cable takes control of your device. (cell phone, laptop, desktop, etc.) All your data becomes accessible. Next, pre-loaded penetration tools spring into action.

The connection can be used as a pivot point to attack other computers on the network. This is controlled remotely by the spy/hacker, via Wi-Fi to the internet, or via their nearby smartphone.

Once the hacker has infiltrated your network, more data can be extracted, viruses planted, or a ransomware attack staged. Obviously, this is dangerous in a business environment.

Recommendations:
• Mark your cables so if swapped you'll notice.
• Call us. We test USB cables as part of our debugging sweeps.
• If you use our services, we will give you a free test instrument so you can test new cables yourself.