DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 32, Issue 1

Full Contents Now Available!

Friday, 15 February 2019 15:07

From 'O.MG' to NSA, What Hardware Implants Mean for Security

A wireless device resembling an Apple USB-Lightning cable that can exploit any system via keyboard interface highlights risks associated with hardware Trojans and insecure supply chains.

During a month-long hiatus between jobs, Mike Grover challenged himself to advance a project he'd been working on for over a year: Creating a USB cable capable of compromising any computer into which it's inserted.

His latest iteration, the Offensive MG or O.MG cable, resembles an Apple-manufactured Mac USB-Lightning cable but incorporates a wireless access point into the USB connector, allowing remote access from at least 100-feet away, according to Grover. A video demonstration shows Grover taking control of a MacBook and opening up Web pages from his phone.

The cable takes advantage of a known weaknesses. To make keyboard, mice, and other input devices as easy to connect as possible, operating system makers have made computers accept the identification, through the Human Interface Device (HID) protocol, of any device plugged into a USB port. An attacker can use the weakness to create a device that acts like a keyboard to issue keystrokes, or a mouse to issue clicks.

...

https://www.darkreading.com/threat-intelligence/from-omg-to-nsa-what-hardware-implants-mean-for-security/d/d-id/1333889