A malicious USB cable with its own wifi rig

Originally published at: https://boingboing.net/2019/02/19/o-mg.html

This is why we can’t have nice things…


MG has built a proof-of-concept malicious USB cable with a tiny wifi radio hidden inside of it, able to wirelessly exfilatrate stolen;

You, uh, having a stroke there?

It’s a typo, there’s an ‘l’ missing.

(By Whitney - originally posted to Flickr as Stollen, CC BY 2.0, Link)
(Edited to fix typo in my suggestion that there is a typo. Please expect more of the same.)


You take the cake - cos its stollen.


Interesting, but it seems like there would be easier ways.

That’s it. I’m going back to chalk and slate. If anyone needs me. Send smoke signals.


One suspects that the professional spooks have had this for years.


It’s a fun exercise, I guess. How does the cable access the WiFi without permissions? If you are suspicious enough to think a cable or other rogue device might be communicating through your router, you can always check and see if something other than approved devices are on there. Or, if you are really really worried, buy the gear from the manufacturer and not a third party.

Building a USB cable that can acces your phone and send the info through your cell service would be particularly nefarious.

It doesn’t access your WiFi. It creates its own WiFi hotspot and uses the USB interface as a bridge to the attached computer. This requires the attacker be in relatively close proximity to the target with the attached USB cable, and can only do those things which a USB/HID interface is capable of (although that’s still enough to engineer conditions under which information can be leaked).


Ah, I misunderstood how it works. So instead of accidentally buying one of these, a malicious party would need to be able to replace your cable and then stay within earshot when you use it. Seems like a lot of effort. Very 007 kind of stuff!

How do you know the manufacturer hasn’t been compromised by, or is complicit with, the nefarious party?

Your comment needs an @doctorow

I also wondered how I might ‘exfilatrate’ something and had not made the jump to stollen, but it’s obvious now it’s been mentioned. :wink:

Is it? A type of what? Cake? :wink:

(There’s a rule that governs this, isn’t there - about posts correcting typos or grammar always containing said errors themselves.)

Edited to remove some possible typos.

1 Like

There is indeed - Skitts Law. Doh.

1 Like
1 Like

You don’t. But it’s safer than buying something from Amazon.

Wrong, the only solution is to wrap everything in aluminum foil!

1 Like

Or Muphry’s law

1 Like

Check the ‘COTTONMOUTH’ series, starting on page 44.

The intervening years have lowered the price and now you get ordinary wifi rather than the rather exciting sounding “HOWLERMONKEY (HM) RF Transceiver”; but looks conceptually similar.

This topic was automatically closed after 5 days. New replies are no longer allowed.