Can a USB data cable be altered into a Spying data?
There are many potential problems with USB cables. The USB Security is fundamentally broken and modern electronics can be made so small that you can fit all kinds of nasty circuits inside USB cable if you want to do that. And some parties want to do that. USB phone charging can be a security risk and public USB chargers can be dangerous to use.
There are many different ways how an USB cable can be converted to a spying device. Besides DIY projects there are places that sell different types of USB spying cables.
One type of USB spying cable is GSM spy bug hidden inside Micro USB cable. You can fit a small GSM phone electronics inside full size USB plug case, and use that GSM phone as Auto Callback listening device. When you call the mobile number, this device will auto answer and let’s you to hear what is happening near the cable. The GSM electronics can be powered nicely with +5V USB power. The GPS device might or might not touch the USB data pins. In addition to GSM cell phone there can also be GPS location device on the same cable. This kind of GSM USB cable listening devices are sold here and there.
If you are interested what is inside such GSM USB spy cable, read USB spy cable – teardown & vulns article. It reveals that controls were horribly insecure and allowed anyone to monitor all of the cables in use.
Can a USB data cable be altered into a Spying data cable that can inject malicious software in my phone? This is well possible if someone builds a small device, likely at the USB end of your cable. That device would have to be very small to work in your cable, but technically doable. This kind of cables are on the market. Chec
NEW USB CABLE CONTAINS TINY COMPUTER THAT SPIES ON EVERYTHING YOU TYPE article tells that next time you buy a USB cord — or take a free one from a kiosk at an event — you’ll want to make sure it doesn’t spy on every single thing you type. This is not just some speculation of possibility of hacking. A PSEUDONYMOUS SECURITY RESEARCHER SAYS THEY’RE ALREADY MASS PRODUCING THE CABLES. The so-called OMG cable looks just like any other, except for a tiny computer that can automatically record every single keystroke you take while it’s plugged in and transmit them to a hacker. The cable contains a web server, radio, and tiny processors all hidden within the wire itself.
There has been earlier O.MG CABLE – * TO USB-A. A new version of the OMG Cable is a USB-C to Lightning Cable that hackers can use to steal your passwords or other data. It works as a keylogger and data spy. “There were people who said that Type C cables were safe from this type of implant because there isn’t enough space. So, clearly, I had to prove that wrong. :),” MG told Motherboard. MG has already started to mass-produce the OMG cable and sell it through the hacking community shop Hak5 — ostensibly for security research purposes rather than anything willfully malicious.
What are the possibilities to do something same type yourself? This technology can be implemented by hardware hackers even at home labs. There are open projects like TOMU: A MICROCONTROLLER FOR YOUR USB PORT that fit inside USB socket. There is also newer project HOW A MICROCONTROLLER HIDING IN A USB PORT BECAME AN FPGA HIDING IN THE SAME.
The next question is how to secure yourself against this kind of cables? Is there a way to detect before use or maybe even dis-infect such nasty spy cables?