Those Crafty Lil’ Buggers

Topics: Vulnerability management, Thought leadership

Axel Wirth

November 2, 2023

Hardware-based cyber attacks can be quite impactful and are difficult to defend against but have, at least until now, been hard to pull off and were the domain of sophisticated nation-state actors. We have heard of attempts to install digital back doors in networking gear and phones that could be used for various purposes, including compromising cryptography, gaining control of critical systems, or even the shutdown of infrastructure by an adversary. Security researchers have identified vulnerabilities in a variety of chips and have provided proof of concept for a chip-based attack. In that sense, hardware-based attacks are the ultimate supply chain compromise.

However, deploying such hardware exploits is not trivial and requires technical skill as well as physical access to systems at various stages during the production or deployment process. There is, though, one obvious weak spot in any system, and that is the cable interconnects and corresponding ports.

That is where the folks at Hak5 come in. They offer a wide variety of cables with hidden features, i.e., ordinary-looking computer cables (USB, Lightning, …) equipped with a range of payloads that provide various attack possibilities at an affordable price. Possible use cases include keylogging, keystroke injection, remote attacks via WiFi bridge, and delivery of payloads. Obviously, any use outside of the sanctioned applications, namely red teaming (e.g., to emulate highly sophisticated attack scenarios) and teaching and training, would be quite concerning.

This is especially so since the latest upgrade, going by the name of HIDX StealthLink, provides additional features such as a bidirectional covert channel and remote connection that appear as a keyboard on the target system rather than as a drive or network interface. Even air-gapped systems are no longer secure, as this approach allows an attacker to set up their own WiFi connection, enabling data exfiltration or penetration of systems that are deemed secure.
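Because such a cable shows up as a keyboard, one defensive check is to inventory every USB interface that declares the HID class and compare it against what is expected on that machine. The following is an added example, not code from this post or from Hak5; it assumes a Linux host exposing USB descriptors under `/sys/bus/usb/devices`, and the function names, allowlist, and sample vendor/product IDs are constructed for illustration.

```python
import os
import tempfile

HID_CLASS, KEYBOARD_PROTOCOL = "03", "01"  # USB HID class code; boot-keyboard protocol

def _read(path):
    try:
        with open(path) as fh:
            return fh.read().strip().lower()
    except OSError:  # device unplugged mid-scan, or attribute missing
        return None

def unapproved_hid(allowlist, root="/sys/bus/usb/devices"):
    """Return sorted (port, 'vid:pid', is_keyboard) for HID interfaces not allowlisted."""
    findings = set()
    for entry in os.listdir(root):
        if ":" not in entry:  # interface entries look like "1-3:1.0"
            continue
        iface = os.path.join(root, entry)
        if _read(os.path.join(iface, "bInterfaceClass")) != HID_CLASS:
            continue
        port = entry.split(":")[0]
        ident = ":".join(_read(os.path.join(root, port, f)) or "?"
                         for f in ("idVendor", "idProduct"))
        if ident not in allowlist:
            is_kbd = _read(os.path.join(iface, "bInterfaceProtocol")) == KEYBOARD_PROTOCOL
            findings.add((port, ident, is_kbd))
    return sorted(findings)

def build_sample_tree():
    root = tempfile.mkdtemp()
    tree = {  # constructed sysfs-like layout with made-up IDs, so the scan runs anywhere
        "1-1": {"idVendor": "aaaa", "idProduct": "0001"},  # known desk keyboard
        "1-1:1.0": {"bInterfaceClass": "03", "bInterfaceProtocol": "01"},
        "1-2": {"idVendor": "bbbb", "idProduct": "0002"},  # mass-storage stick
        "1-2:1.0": {"bInterfaceClass": "08", "bInterfaceProtocol": "50"},
        "1-3": {"idVendor": "cccc", "idProduct": "0003"},  # port with "just a cable"
        "1-3:1.0": {"bInterfaceClass": "03", "bInterfaceProtocol": "01"},
        "1-3:1.1": {"bInterfaceClass": "03", "bInterfaceProtocol": "00"},
    }
    for name, files in tree.items():
        os.makedirs(os.path.join(root, name))
        for fname, val in files.items():
            with open(os.path.join(root, name, fname), "w") as fh:
                fh.write(val + "\n")
    return root

if __name__ == "__main__":
    print(unapproved_hid({"aaaa:0001"}, build_sample_tree()))
```

Vendor and product IDs are supplied by the device itself, so the allowlist is an inventory aid rather than proof of identity; the more useful signal is a HID interface appearing on a port where none is expected.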

Besides red teams (or potential malicious hackers) smuggling such cables into your environment, there is also the risk of them arriving via kitted hardware components that may come with all the cables you need. Hence, as with all other forms of supply chain attacks, a breach via a trusted channel is the most difficult to spot.

Remember the days when they taught you to not pick up and use the USB stick you found in the parking lot? Well, don’t pick up the cable either.
