Researchers managed to take the rather well-known BadUSB attack and managed to transfer it into a normal USB cable. The new attack is called USBHarpoon and can infect a PC in a matter of seconds.
Unlike USB sticks people are not very suspicious of charging cables. After all, they normally are only there to transfer data or charge gadgets and are no data storage devices. This makes it the perfect tool for an attack. What’s even worse is that the attack would work on all kind of USB cables and platforms – so not even Mac and Linux devices would be safe.
The cable has a modified firmware as well as modified connectors. This solves an issue other researchers had: While they were able to modify a cable in order to use it for attacks, they didn’t quite manage to also perform its original function, namely charging things up. On the blog Vincent Yiu says: “My team of friends has managed to weaponize this capability to make a fully working USB cable also a compatible HID device.”
Right now you would need to launch commands that actually download and execute the payload. While this can be done, potential victims looking at the PC screen would actually notice that something is awry – at least for now. The researchers behind the malicious cable are also working on delaying the action or using Bluetooth signals to trigger the attack from afar and at a convenient time.