Author Topic: Mind your cables! aka Don't borrow that stranger's cable at starbucks  (Read 882 times)


Offline F eq ma

  • Thread Starter
  • Posts: 53
Ran across this article about a keylogger cable that looks like a normal Lightning cable.

https://www.vice.com/en/article/k789me/omg-cables-keylogger-usbc-lightning

Good reminder to be suspicious of hardware and having physical access rules all.   Like the new play on the old random USB sticks left in the parking lot hacks of the early 2000s.

Offline _rubik

  • * Esteemed Elder
  • Posts: 1063
  • Location: 192.168.x.x
  • Typing on: Brutal60, Lavenders Linears, GMK Jamon
Re: Mind your cables! aka Don't borrow that stranger's cable at starbucks
« Reply #1 on: Fri, 03 September 2021, 19:21:52 »
Things like these are a good counter to the "I have an apple product and they protect me against everything" argument.

It's dangerous when any company (regardless of how good their security posture is) lulls customers into a false sense of security.
ai03 Meridian § Mech 27 § E8.5 § Brutal60 § SSK White Label § HHKB Pro JP § vAEK68 Alps Blues § RF87u

Offline Leslieann

  • * Elevated Elder
  • Posts: 3998
Re: Mind your cables! aka Don't borrow that stranger's cable at starbucks
« Reply #2 on: Fri, 03 September 2021, 21:20:11 »
This happens every time a new cable comes out, I'm not sure why it always makes such headlines.
Any hack that requires physical access is immediately less of a threat than most others unless you work for a financier, spy agency or doing secret product development.

The USB sticks were targeted, just as they would be today.
Sure you could leave a stick in a parking lot and hope it gets picked up, it could also get run over by several 4x4 pickups before anyone finds it or it could be plugged into their child's laptop where they simply play farming simulator. You are probably not worth hacking individually in this sort of manner you need a modest shotgun approach, one that's cheap and hits many so you can sift through what's worthwhile and what isn't. Spending several dollars on sticks or cables hoping to get something worthwhile is a poor way to hack.
Novelkeys NK65AE w/62g Zilents/39g springs
More
62g Zilents/lubed/Novelkeys 39g springs, HK Gaming Thick PBT caps, Netdot Gen10 magnetic cable, pic
| Filco MJ2 L.E. Vortex Case, Jailhouse Blues, heavily customized
More
Vortex case squared up/blasted finish removed/custom feet/paint/winkey blockoff plate, HID Liberator, stainless steel universal plate, 3d printed adapters, Type C, Netdot Gen10 magnetic cable, foam sound dampened, HK Gaming Thick PBT caps (o-ringed), Cherry Jailhouse Blues w/lubed/clipped Cherry light springs, 40g actuation
| GMMK TKL
More
w/ Kailh Purple Pros/lubed/Novelkeys 39g springs, HK Gaming Thick PBT caps, Netdot Gen10 Magnetic cable
| PF65 3d printed 65% w/LCD and hot swap
More
Box Jades, Interchangeable trim, mini lcd, QMK, underglow, HK Gaming Thick PBT caps, O-rings, Netdot Gen10 magnetic cable, in progress link
| Magicforce 68
More
MF68 pcb, Outemu Blues, in progress
| YMDK75 Jail Housed Gateron Blues
More
J-spacers, YMDK Thick PBT, O-rings, SIP sockets
| KBT Race S L.E.
More
Ergo Clears, custom WASD caps
| Das Pro
More
Costar model with browns
| GH60
More
Cherry Blacks, custom 3d printed case
| Logitech Illumininated | IBM Model M (x2)

Offline F eq ma

  • Thread Starter
  • Posts: 53
Re: Mind your cables! aka Don't borrow that stranger's cable at starbucks
« Reply #3 on: Fri, 03 September 2021, 22:33:31 »
As I read it, this is being "mass" produced, which means kiddies will play. We just need to be cognizant of the risks. More knowledge, the better. Pretty sure we all know now to not insert a random usb stick. Now we know to not accept cords from strangers. Most have mundane jobs that are not targeted. Some don't.

Offline _rubik

  • * Esteemed Elder
  • Posts: 1063
  • Location: 192.168.x.x
  • Typing on: Brutal60, Lavenders Linears, GMK Jamon
Re: Mind your cables! aka Don't borrow that stranger's cable at starbucks
« Reply #4 on: Fri, 03 September 2021, 23:19:39 »
As I read it, this is being "mass" produced, which means kiddies will play. We just need to be cognizant of the risks.

I mean, the wifi pineapple was mass produced and yet people still trust insecure networks every day. It's impossible to skirt every threat unfortunately, but this one feels like a pretty small target though.

Offline Findecanor

  • Posts: 4848
  • Location: Koriko
Re: Mind your cables! aka Don't borrow that stranger's cable at starbucks
« Reply #5 on: Sat, 04 September 2021, 03:16:30 »
I heard about these cables the other day in connection with the Razer mouse driver vulnerability in Windows.
As soon as this was public, someone produced a version of the firmware for the OMG cable to present itself to any host as the Razer mouse's Vendor ID/Product ID pair.

That is all that's needed to cause Windows (with default settings) to automatically download and run Razer's mouse driver -- and the installation program for Synapse, as SYSTEM user. From the installer, it is possible to run PowerShell as SYSTEM. You would need to have physical access and be logged in though - but any user account would do.
A Razer USB speaker's driver and a Steelseries mouse driver have since been discovered to also have the same type of vulnerability, and I've seen rumours of some Asus ROG peripheral to also have it.
Man must shape his tools lest they shape him
-- Arthur Miller
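The chain described in the post above (a device is plugged in, a vendor installer starts as SYSTEM, and a shell is opened from it) can be watched for from the defender's side. The following is an added example, not part of any post in this thread: it correlates USB arrivals with process-creation events and flags a SYSTEM-owned shell running in an interactive session (SYSTEM services normally run in session 0). The event schema, field names, `vendor_setup.exe`, the device strings and the 10-minute window are all constructed assumptions, not a real log format.

```python
from datetime import datetime, timedelta

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed events in a simplified, hypothetical schema (not a real log format).
EVENTS = [
    {"ts": "2021-09-04T10:00:00", "type": "usb", "device": "VID_AAAA&PID_0001"},
    {"ts": "2021-09-04T10:00:30", "type": "proc", "pid": 500, "ppid": 4,
     "image": "vendor_setup.exe", "user": "SYSTEM", "session": 1},
    {"ts": "2021-09-04T10:02:10", "type": "proc", "pid": 510, "ppid": 500,
     "image": "powershell.exe", "user": "SYSTEM", "session": 1},
    # Benign: a SYSTEM service script in session 0, no USB arrival nearby.
    {"ts": "2021-09-04T14:00:00", "type": "proc", "pid": 900, "ppid": 4,
     "image": "powershell.exe", "user": "SYSTEM", "session": 0},
    # Benign: a user's own unprivileged shell after plugging in a device.
    {"ts": "2021-09-04T15:00:00", "type": "usb", "device": "VID_BBBB&PID_0002"},
    {"ts": "2021-09-04T15:00:40", "type": "proc", "pid": 950, "ppid": 700,
     "image": "cmd.exe", "user": "alice", "session": 1},
]

def find_system_shells_after_usb(events, window=WINDOW):
    """Return alerts for SYSTEM shells in an interactive session whose
    ancestor process started within `window` after a USB device arrival."""
    usb_times, procs, alerts = [], {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "usb":
            usb_times.append((ts, ev["device"]))
            continue
        procs[ev["pid"]] = {**ev, "time": ts}
        if (ev["image"].lower() not in SHELLS or ev["user"] != "SYSTEM"
                or ev["session"] == 0):
            continue
        # Walk up the process tree for an ancestor launched right after a plug-in.
        seen, cur = set(), procs.get(ev["ppid"])
        while cur and cur["pid"] not in seen:
            seen.add(cur["pid"])
            hit = next((d for t, d in usb_times
                        if timedelta(0) <= cur["time"] - t <= window), None)
            if hit:
                alerts.append({"shell_pid": ev["pid"], "ancestor": cur["image"],
                               "device": hit})
                break
            cur = procs.get(cur["ppid"])
    return alerts

if __name__ == "__main__":
    for alert in find_system_shells_after_usb(EVENTS):
        print(alert)
```
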

Offline Leslieann

  • * Elevated Elder
  • Posts: 3998
Re: Mind your cables! aka Don't borrow that stranger's cable at starbucks
« Reply #6 on: Sat, 04 September 2021, 21:15:03 »
As I read it, this is being "mass" produced, which means kiddies will play. We just need to be cognizant of the risks. More knowledge, the better. Pretty sure we all know now to not insert a random usb stick. Now we know to not accept cords from strangers. Most have mundane jobs that are not targeted. Some don't.
It's. A. Lightning. Cable.
What are you going to do, go to Starbucks and borrow someone's cable to backup your Iphone?

I can see it now, every Starbucks has "that guy" who spends all day waiting around jacked up on coffee for the one person to come in who's desperate to backup their iphone over Lightning and they can spring into action only to get... a few pictures of their kids and a photo of rose they grew in the garden.


From the installer, it is possible to run PowerShell as SYSTEM. You would need to have physical access and be logged in though - but any user account would do.
And accomplish what exactly?

"Can I borrow your cable so I can charge?"
"Sure, I just need to log into your Powershell first..."


It's nothing you the average person needs to worry about.
Trust me, if I have physical access to your machine I don't need some janky cable or permission to grab your data. Access removes 99.9% of the difficulty of hacking anything.

Offline F eq ma

  • Thread Starter
  • Posts: 53
Re: Mind your cables! aka Don't borrow that stranger's cable at starbucks
« Reply #7 on: Sun, 05 September 2021, 18:33:02 »
At the moment, this cable needs to be used from computer to iphone/ipad/mac keyboard. They choose apple since it would be the hardest. It does not work from power outlet to iphone. If it did that, then it would be much easier to target. It is only time for that to happen.

I can see it now, every Starbucks has "that guy" who spends all day waiting around jacked up on coffee for the one person to come in who's desperate to backup their iphone over Lightning and they can spring into action only to get... a few pictures of their kids and a photo of rose they grew in the garden.

It is a key logger and payload delivery mechanism. A better example. I would target an airport known for my high value targets to fly through. Atlanta. Close to a gate that has connections to their local office. Probably end of day and end of week so their phone would be close to dead and they are trying to get that final piece of work done before the weekend. I would leave the cable in one of those charge while you wait kiosks, probably have one in all ports to look like they come with it. Southwest has them built into the comfy chairs at their gates. Or in an official looking container talking about complimentary cables. Then I would simply wait nearby for someone with a connecting flight. They pull out their laptop to work on and to charge their phone. The cable I offer is handier than digging in that laptop bag to get their own. Hell, it was "free" and they can never have too many cables....never discount how cheap people can be. They then log into something that I could leverage as a stepping stone to greater access. Corporate email would be ideal. Teams, discord or slack could work too. I don't need usernames and passwords. Just having inside knowledge can allow me to have a very accurate spear phishing email. Or, I can trigger the payload to execute. Sure, they may see something flash on the screen assuming they weren't looking at something else, like me asking if the flight is delayed. It would be too late either way. Bonus, I catch the same flight as they do and watch them work for the next two hours. Is my target grandma? No. Thinking executives of a major Healthcare IT company or more likely their over worked consultants that work 70 hours per week, travel in relatively easy recognizable "packs" (company issued bags anyone?), and who fly the same route every week. Expensive and time consuming? Yes. Could the payout be worth it? Oh, hell yes. This IT company has control of 40% or so of all US hospitals beds...

This keyboard hobby is making me more aware of the risks in hardware hacking.   Never would I have thought that I would be customizing firmware for keyboards with just two hours of reading QMK doc.

My main goal of this post was to raise awareness of the potentials out there.  Everyone is at risk, but your loss may or may not matter.


Offline Leslieann

  • * Elevated Elder
  • Posts: 3998
Re: Mind your cables! aka Don't borrow that stranger's cable at starbucks
« Reply #8 on: Sun, 05 September 2021, 22:36:52 »
Secret cables, flights....
Mission Impossible much?

Yes, you're concocting a scenario where it's possible, I never said it wasn't. I said it was something the average person doesn't need to worry about and if they do there's far easier and precise methods to get it than some Mission Impossible scenario that has far too many variables to work. For example, just pretend to work in the industry and "accidentally" run into him at the airport trade business cards and hand him a complimentary cable "we give those to all our potential clients" then wait near his home or business and record the info. The card will already have a lot of the info you need as will a lot of their website.

If you really want to be devious go to an industry convention and hand them out like candy.

Offline jamster

  • Posts: 1044
  • Location: Asia
Re: Mind your cables! aka Don't borrow that stranger's cable at starbucks
« Reply #9 on: Mon, 06 September 2021, 02:54:23 »
How often do people 'borrow' cables from random strangers?

Thought everyone these days either carried a powerbank (if they are addicted to mobile data and out all day) or they are at a semi-trusted location (work, friend's place, or with friends who have a cable).

Last time I used a random cable from a random person was... cannot remember any time in the past five years.

Seems to me that a far, far more rewarding way to hack people would be to set up public wifi spots and MITM attacks. Don't know how much technical skill is required for this, but at least you'd be targeting tens of people at a time without physical interaction, rather than handing a single person a cable who you have to interact with face to face.
« Last Edit: Mon, 06 September 2021, 02:57:12 by jamster »

Offline F eq ma

  • Thread Starter
  • Posts: 53
Re: Mind your cables! aka Don't borrow that stranger's cable at starbucks
« Reply #10 on: Mon, 06 September 2021, 10:26:01 »
Mission Impossible? Yeah, sure. Probably easier to simply FedEx the cable to the target as swag from IBM with a coffee mug to boot. Wasn't Stuxnet delivered via usb drive to a highly secured, air gap environment? This stuff happens in the real world.

I guess I just have a higher security awareness.   To each their own.

Offline _rubik

  • * Esteemed Elder
  • Posts: 1063
  • Location: 192.168.x.x
  • Typing on: Brutal60, Lavenders Linears, GMK Jamon
Re: Mind your cables! aka Don't borrow that stranger's cable at starbucks
« Reply #11 on: Mon, 06 September 2021, 10:58:26 »
Wasn't Stuxnet delivered via usb drive to a highly secured, air gap environment? This stuff happens in the real world.

Stuxnet played out like a hokey mr robot episode. Or maybe mr robot played out like an embarrassing sec breach.

I agree that we need a heightened security posture (doubly so if you're working in an air gapped uranium enrichment site). I think the point folks are trying to make is: if you can get someone's bank pin with social engineering and a soundtrack of a baby crying, using bugged lightning cables feels contrived

Offline Leslieann

  • * Elevated Elder
  • Posts: 3998
Re: Mind your cables! aka Don't borrow that stranger's cable at starbucks
« Reply #12 on: Mon, 06 September 2021, 11:32:52 »
Seems to me that a far, far more rewarding way to hack people would be to set up public wifi spots and MITM attacks. Don't know how much technical skill is required for this, but at least you'd be targeting tens of people at a time without physical interaction, rather than handing a single person a cable who you have to interact with face to face.
That was my other thought, just setup a hot spot or fake cell system, if you can't isolate the target a wide net is a better option.

And no, it's not that difficult, it's also not super difficult to detect if you're prepared for it. A lot of it is (relatively) common security and networking tools you use for legitimate purposes. This is also why none of the tech is illegal, it needs to be available for penetration testing.


Mission Impossible? Yeah, sure. Probably easier to simply FedEx the cable to the target as swag from IBM with a coffee mug to boot. Wasn't Stuxnet delivered via usb drive to a highly secured, air gap environment? This stuff happens in the real world.
The USB stick is a well known tried and true method, that's why many corporations hot glue the ports closed.