An old-new way to steal your data

https://shop.hak5.org/products/o-mg-cable-usb-c

In the digital world our data is exposed and can easily be stolen by hackers. Whether you’re shopping from your desk, browsing the internet or just connecting at a cafe, your data can be accessed one way or another.

A widespread knowledge is to never share your personal information, especially not through email. Still, a hacker presenting himself as an “interviewer”, a “bank manager” or a “service associate” could make you believe a given offer is real and make you share your data. In that case, your personal information could be at risk.

But the dangers of hackers are not only to be found in your inbox. While using the browser, targeted ads can be camouflaged viruses just waiting to be opened. Still, nowadays we have learned to protect ourselves from most digital hacking methods by installing password generators, ad blockers or VPN’s to protect our data from being stolen.

But can you imagine that we are as vulnerable to hacking in the real world as in the digital one?

Hacking by using hardware* is not a new revolution. We have all seen from old movies, how USB drives that contain viruses can easily be plugged into our computers and steal our data. Well, such devices now exist in real life and are more dangerous than you think.

You may think that it is impossible to plug-in a USB stick in your computer unnoticed. You’ll definitely see it, won’t you? But in reality these kinds of hardware may be unnoticeable for the average person.

Let’s take a look at a small cooperation between: Hak5 and MG. They have managed to create a product, available to the masses, that can steal your data without you even noticing. For the somewhat reasonable price of 140$, everyone can buy themselves a charging cable that looks exactly like the one you have at home. The cable will charge your phone, just as an ordinary one, but also give a hacker a clearing to your data. This device enables everyone in its possession to perform a remote code execution (RCE)* and from that point forward the hacker will have control over your device.

Although this concept is not new, such devices will have cost tens of thousands of dollars or even more to be purchased just a few years back, but today, everyone can get their hands on one. The scary thing is that the victims might not even realize they have been hacked. This cable can auto destruct itself when needed, without leaving a trace of having stolen any data. It will just look as if the cable stops working.

These kinds of cables can’t really be differentiated from the ordinary ones, which means you can stumble upon them in cafes or at the airport, while charging at your table and waiting for your flight. The way to deal with the problem is to be informed and not to forget to always take your charger with you when traveling or going out. This small step can protect your data from being stolen and your privacy from being disturbed.

Disclaimer: Please don’t use the products mentioned in this article to harm others. The stealing of data without permission is illegal and therefore punishable.

Viktor Mitrev, 10. Klasse

Dictionary:

*Hardware: the physical and electronic parts of a computer, rather than the instructions it follows (Cambridge dictionary)

*Remote code execution (RCE) attacks allow an attacker to remotely execute malicious code on a computer

about Hak5:

Founded in 2005, Hak5’s mission is to advance the Information security industry.

about MG:

Developer of the product. „The Crime aficionado. Just likes to start fires“ (https://o.mg.lol/team/)

Sources/ Quellen:

https://hak5.org

https://resources.infosecinstitute.com/topic/top-19-tools-for-hardware-hacking-with-kali-linux/

https://www.kali.org

https://geekflare.com/common-types-of-hacks-and-hackers/