Those Crafty Lil’ Buggers

Topics: Vulnerability management, Thought leadership

Axel Wirth

November 2, 2023


Hardware-based cyber attacks can be quite impactful and are difficult to defend against but have, at least until now, been hard to pull off and were the domain of sophisticated nation-state actors. We have heard of attempts to install digital back doors in networking gear and phones that could be used for various purposes, including compromising cryptography, gaining control of critical systems, or even the shutdown of infrastructure by an adversary. Security researchers have identified vulnerabilities in a variety of chips and have published proof-of-concept chip-based attacks. In that sense, hardware-based attacks are the ultimate supply chain compromise.

However, deploying such hardware exploits is not trivial and requires technical skill as well as physical access to systems at various stages during the production or deployment process. There is, though, one obvious weak spot in any system, and that is the cable interconnects and corresponding ports.

That is where the folks at Hak5 come in with their offering of a wide variety of cables that come with hidden features, i.e., computer cables (USB, Lightning, …) equipped with a wide range of payloads providing various attack possibilities at an affordable price. Possible use cases include keylogging, keystroke injection, remote attacks via a WiFi bridge, and delivery of payloads. Obviously, any use outside of the sanctioned applications (red teaming, e.g., to emulate highly sophisticated attack scenarios, as well as teaching and training) would be quite concerning.

This is especially true since the latest upgrade, going by the name of HIDX StealthLink, adds features such as a bidirectional covert channel and remote connection that appear to the target system as a keyboard rather than as a drive or network interface. Even air-gapped systems are no longer secure, as the cable brings its own WiFi connection, allowing data exfiltration from, or penetration of, systems that are deemed secure.
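The defensive angle to the keyboard-emulation point above is that a cable of this kind still shows up to the operating system as a freshly enumerated HID keyboard, and that event is something endpoint telemetry can be checked for. The script below is an added example for this post, not code from the post or from Hak5. It assumes Linux kernel `hid-generic` attach messages of the kind seen in `dmesg` or the journal; the sample log lines, the vendor:product IDs, and the approved-keyboard allowlist are all constructed for illustration.

```python
"""Flag USB devices that enumerate as HID keyboards but are not an approved
keyboard model, or that appear while a keyboard is already attached.

Added example, not the post's or Hak5's code.  Assumes Linux kernel
'hid-generic' attach messages; the log lines and the allowlist are constructed.
"""
import re
from dataclasses import dataclass

# Kernel hid-generic attach line, e.g.
#   hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Name] on usb-0000:00:14.0-1/input0
# The device kind ("Keyboard", "Mouse", "Device") is the kernel's reading of the HID
# report descriptor, which is a better signal than the attacker-controlled product
# string inside the square brackets.
HID_LINE = re.compile(
    r"^hid-generic \d{4}:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.\d+: "
    r"(?P<ifaces>[^:]+): USB HID v[\d.]+ (?P<kind>\w+) \[(?P<name>[^\]]*)\] "
    r"on usb-(?P<root>\S+?)-(?P<port>[\d.]+)/input\d+$"
)

# Constructed allowlist: vendor:product IDs of the keyboard models the site issues.
APPROVED_KEYBOARDS = frozenset({"046d:c31c"})

# Constructed sample: an approved keyboard, a flash drive, a mouse, a "cable" that
# presents itself as a keyboard, and a second approved keyboard plugged in later.
SAMPLE_LOG = """\
usb 1-1: new full-speed USB device number 2 using xhci_hcd
hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-1/input0
usb 1-2: new high-speed USB device number 3 using xhci_hcd
usb-storage 1-2:1.0: USB Mass Storage device detected
hid-generic 0003:046D:C077.0002: input,hidraw1: USB HID v1.11 Mouse [Logitech USB Optical Mouse] on usb-0000:00:14.0-2.1/input0
usb 1-3: new full-speed USB device number 5 using xhci_hcd
hid-generic 0003:DEAD:BEEF.0003: input,hidraw2: USB HID v1.11 Keyboard [USB Composite Device] on usb-0000:00:14.0-3/input0
usb 1-4: new full-speed USB device number 6 using xhci_hcd
hid-generic 0003:046D:C31C.0004: input,hidraw3: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-4/input0
"""


@dataclass(frozen=True)
class Finding:
    port: str
    usb_id: str
    name: str
    reason: str


def parse_hid_attach(line):
    """Return (usb_id, port, kind, name) for a hid-generic attach line, else None."""
    m = HID_LINE.match(line.strip())
    if not m:
        return None
    usb_id = f"{m['vid'].lower()}:{m['pid'].lower()}"
    return usb_id, m["port"], m["kind"], m["name"]


def scan_hid_log(log_text, approved):
    """Walk the log in order and raise a finding for each suspicious keyboard attach."""
    findings = []
    keyboards_present = set()  # USB ports on which a keyboard has enumerated so far
    for line in log_text.splitlines():
        parsed = parse_hid_attach(line)
        if parsed is None:
            continue
        usb_id, port, kind, name = parsed
        if kind != "Keyboard":
            continue  # mice, gamepads etc. are out of scope for this rule
        if usb_id not in approved:
            findings.append(Finding(port, usb_id, name,
                                    "HID keyboard from a USB ID that is not an approved keyboard model"))
        elif keyboards_present:
            findings.append(Finding(port, usb_id, name,
                                    "additional keyboard enumerated while one is already present"))
        keyboards_present.add(port)
    return findings


def count_keyboards(log_text):
    """Number of HID keyboard attach events in the log, regardless of allowlist."""
    return sum(1 for line in log_text.splitlines()
               if (p := parse_hid_attach(line)) is not None and p[2] == "Keyboard")


if __name__ == "__main__":
    for f in scan_hid_log(SAMPLE_LOG, APPROVED_KEYBOARDS):
        print(f"port {f.port}: {f.usb_id} [{f.name}]: {f.reason}")
```

Neither rule proves a malicious cable on its own: the first catches a device whose USB identity is simply not a keyboard the organization issues, the second catches a "keyboard" arriving on a port where the user believes they plugged in only a charging or data cable. Both are triage signals to correlate with the physical inventory of the machine, and a cable that spoofs an approved vendor:product pair would only trip the second rule, which is why the allowlist alone is not sufficient.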

Besides red teams (or potential malicious hackers) smuggling such cables into your environment, there is also the risk of them arriving via kitted hardware components that ship with all the cables you need. Hence, as with all other forms of supply chain attacks, a breach via a trusted channel is the most difficult to spot.

Remember the days when they taught you to not pick up and use the USB stick you found in the parking lot? Well, don’t pick up the cable either.
