Several security experts have created a malicious version of a USB charging cable that can compromise a computer in a few seconds. Once plugged in, it becomes a peripheral device capable of typing and executing commands.

USBHarpoon, as its creators call it, builds on the BadUSB research by Karsten Nohl and his team at Security Research Labs, which demonstrated that an attacker can reprogram the controller chip of a USB drive and make it appear to the computer as a human interface device (HID).

The type of HID can be anything, from an input device such as a keyboard that issues a rapid succession of commands to a network card that modifies the system's DNS settings to redirect traffic.

With USBHarpoon, the security experts replaced the USB drive with a charging cable, an object so ubiquitous that users are unlikely to suspect it could be used to hack their device.

The cable comes with modified connectors that allow both data and power to pass, so it still performs its expected function. This lets it accompany any type of device that works via USB, such as fans or dongles (USB devices that add features a computer was not designed or built with, for example a wireless connection over Wi-Fi or Bluetooth), without raising suspicion about the need to plug in the cable.

Protecting yourself against attacks that rely on a USB connection is not easy. One possible response is to use a data blocker device, also known as a USB condom. An electronic accessory like this blocks the data pins on a USB cable and only allows power to pass through. But USB condoms can also be infected, and they cannot be trusted unless you have a way to audit them before using them.

Nevertheless, and as a preventative measure, we must update the software on all our devices and never use USB cables from public places.
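The attack relies on the cable enumerating as a HID, and the host can observe that enumeration. As an added example (not code from the researchers or from this article), the Python below audits a Linux sysfs USB tree for HID or communications-class interfaces whose vendor:product ID is not on an allowlist; the function names, the allowlist and the sample device IDs are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

WATCHED = {"03": "HID", "02": "CDC communications"}  # USB-IF interface classes
HID_PROTOCOL = {"01": "keyboard", "02": "mouse"}

def _read(path):
    try:
        return path.read_text().strip().lower()
    except OSError:
        return None

def find_unexpected(root="/sys/bus/usb/devices", allowlist=frozenset()):
    """Return (interface, 'vid:pid', kind) for each watched interface whose
    parent device is not in the allowlist of known 'vid:pid' strings."""
    root, hits = Path(root), []
    for iface in sorted(root.iterdir()):
        if ":" not in iface.name:  # interface entries look like '1-2:1.0'
            continue
        cls = _read(iface / "bInterfaceClass")
        if cls not in WATCHED:
            continue
        kind = WATCHED[cls]
        if cls == "03":
            kind += " " + HID_PROTOCOL.get(_read(iface / "bInterfaceProtocol"), "other")
        dev = root / iface.name.split(":")[0]
        ident = f"{_read(dev / 'idVendor')}:{_read(dev / 'idProduct')}"
        if ident not in allowlist:
            hits.append((iface.name, ident, kind))
    return hits

def build_sample_tree():
    """Constructed sysfs-like tree with made-up IDs, for offline testing."""
    root = Path(tempfile.mkdtemp())
    sample = {  # device: (idVendor, idProduct, interface class, protocol)
        "1-1": ("aaaa", "0001", "03", "01"),  # the user's own keyboard
        "1-2": ("bbbb", "0002", "03", "01"),  # "charging cable", also a keyboard
        "1-3": ("cccc", "0003", "08", "50"),  # mass storage, not watched
    }
    for dev, (vid, pid, cls, proto) in sample.items():
        files = {dev: {"idVendor": vid, "idProduct": pid},
                 dev + ":1.0": {"bInterfaceClass": cls, "bInterfaceProtocol": proto}}
        for d, content in files.items():
            (root / d).mkdir()
            for fname, val in content.items():
                (root / d / fname).write_text(val + "\n")
    return root

if __name__ == "__main__":
    print(find_unexpected(build_sample_tree(), allowlist={"aaaa:0001"}))
```

A reprogrammed controller can report any vendor and product ID, so an allowlist match is a hint rather than proof. The more reliable signal is an input or network interface appearing on a port where only a charger was plugged in.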

