Hardware-based cyber attacks can be quite impactful and are difficult to defend against but have, at least until now, been hard to pull off and were the domain of sophisticated nation-state actors. We have heard of attempts to install digital back doors in networking gear and phones that could be used for various purposes, including compromising cryptography, gaining control of critical systems, or even the shutdown of infrastructure by an adversary. Security researchers have identified vulnerabilities in a variety of chips and have provided proof of concept for a chip-based attack. In that sense, hardware-based attacks are the ultimate supply chain compromise.
However, deploying such hardware exploits is not trivial and requires technical skill as well as physical access to systems at various stages during the production or deployment process. There is, though, one obvious weak spot in any system, and that is the cable interconnects and corresponding ports.
That is where the folks at Hak5 come in with their offering of a wide variety of cables that come with hidden features, i.e., computer cables (USB, Lightning, …) equipped with a wide range of payloads providing various attack possibilities at an affordable price. Possible use cases include keylogging, keystroke injection, remote attacks via WiFi bridge, and delivery of payloads. Obviously, any use outside of the sanctioned applications for the purpose of red teaming, e.g., to emulate highly sophisticated attack scenarios, as well as for teaching and training purposes would be quite concerning.
The concern is heightened by the latest upgrade, going by the name of HIDX StealthLink, which provides additional features such as a bidirectional covert channel and remote connection that appears as a keyboard on the target system rather than as a drive or network interface. Even air-gapped systems are no longer secure, as this approach allows you to set up your own WiFi connection, thus allowing data exfiltration from, or penetration of, systems that are deemed secure.
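Because such a cable shows up as a keyboard, one defensive check is to inventory keyboard-class USB interfaces and flag any that are not in a known baseline. The following is an added example, not code from Hak5 or the original post; it assumes a Linux host exposing USB descriptors under sysfs, and the sample records, IDs and baseline are constructed for illustration.

```python
import os

HID_CLASS = "03"          # bInterfaceClass for Human Interface Devices
KEYBOARD_PROTOCOL = "01"  # bInterfaceProtocol for a boot-interface keyboard

def _attr(root, rel):
    """Read one sysfs attribute, returning '' if it is absent."""
    try:
        with open(os.path.join(root, rel)) as fh:
            return fh.read().strip()
    except OSError:
        return ""

def read_sysfs_interfaces(root="/sys/bus/usb/devices"):
    """Collect USB interface descriptors on Linux; returns [] on other systems."""
    if not os.path.isdir(root):
        return []
    found = []
    for node in sorted(os.listdir(root)):
        if ":" not in node:               # interface nodes look like "1-2:1.0"
            continue
        port = node.split(":")[0]
        found.append({"port": port,
                      "vid": _attr(root, f"{port}/idVendor"),
                      "pid": _attr(root, f"{port}/idProduct"),
                      "cls": _attr(root, f"{node}/bInterfaceClass"),
                      "proto": _attr(root, f"{node}/bInterfaceProtocol")})
    return found

def unexpected_keyboards(interfaces, baseline):
    """Return keyboard interfaces whose (port, vid, pid) is not in the baseline."""
    return [i for i in interfaces
            if i["cls"] == HID_CLASS and i["proto"] == KEYBOARD_PROTOCOL
            and (i["port"], i["vid"], i["pid"]) not in baseline]

# Constructed sample: the inventoried desk keyboard, a flash drive, and a second
# keyboard interface on the port where only a charging cable is plugged in.
# IDs are made up; the extra device reuses the desk keyboard's vendor/product ID.
SAMPLE = [
    {"port": "1-2", "vid": "1111", "pid": "0001", "cls": "03", "proto": "01"},
    {"port": "1-3", "vid": "2222", "pid": "0002", "cls": "08", "proto": "50"},
    {"port": "1-4", "vid": "1111", "pid": "0001", "cls": "03", "proto": "01"},
]
BASELINE = {("1-2", "1111", "0001")}

if __name__ == "__main__":
    for hit in unexpected_keyboards(read_sysfs_interfaces() or SAMPLE, BASELINE):
        print("unexpected keyboard interface:", hit)
```

Vendor and product IDs are reported by the device itself, so the baseline is keyed on the port as well: an extra keyboard that copies a trusted ID is still flagged. A HID interface that does not declare the boot keyboard protocol is not matched by this check.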
Besides red teams (or potentially malicious hackers) smuggling such cables into your environment, there is also the risk of them arriving via kitted hardware components that may come with all the cables you need. Hence, as with all other forms of supply chain attacks, a breach via a trusted channel is the most difficult to spot.
Remember the days when they taught you to not pick up and use the USB stick you found in the parking lot? Well, don’t pick up the cable either.