Security researchers have modified a USB charging cable that could allow hackers to transfer malware onto a target’s computer. Behind the USBHarpoon device is the infamous BadUSB vulnerability.
BadUSB research has been around for several years, first surfacing at the Black Hat Conference in 2014, and naturally known of in hacking communities.
Once the USB device is plugged in, it turns into an external device that is capable of typing and launching commands.
USBHarpoon is a malicious version of a USB charging cable, one that can compromise a computer in just a few seconds. The cables are capable of sending commands and bypassing settings in place that restrict mass storage devices connecting to a computer.
The cable reprograms the controller chip in a USB device to make it appear to be a human interface device, such as a keyboard or mouse.
Bleeping Computer has reported that USBHarpoon cables function as normal with their dual purpose hidden, to avoid any suspicion. Security experts say that these cables are identical to the real thing, so users should be extra cautious of using cables in public spaces etc.
You can protect against these kind of attacks by using a data-blocking device that blocks the data pins on a USB cable and only allows power to go through (but these devices could come with their own problems too, if not fully secured).