Master Disaster

Interesting new MITM attack demonstrated, your laptop can probably be hacked via its charger


As we all know, most modern laptops now use the USB port for charging as well as its normal uses. Well, a hacker has figured out how to hijack a laptop simply by plugging in its charger.

Quote

A neat feature of many modern laptops is the ability to power them up through the USB port. Unlike the rectangular USB ports of old, the newer type - USB-C - can carry enough power to charge your machine.

 

That’s great news: it means you don’t need to add a separate port just for charging. And when the USB port isn’t being used for power, it can be used for something useful, like plugging in a hard drive, or your phone.

 

But while you and I may look at that as an improvement, hackers see an opportunity to exploit a new vulnerability. <- It's not an improvement though

A hacker called MG has demonstrated what he calls a booby-trapped charger; essentially, he's filled the charger with everything he needs to launch a MITM attack (my guess would be a PIC, Arduino or maybe a Ras Pi Zero?). Simply connect the charger and your payload is delivered. Pretty fucking clever but also very scary if you ask me.

Quote

One researcher, who goes by the name MG, showed me how a Macbook charger could be booby-trapped. Modified in such a way it was possible to hijack a user's computer, without them having any idea it was happening.

 

It’s the kind of hack that gives security professionals the chills. The ubiquitous white, square chargers for MacBooks are seen in the offices and coffee shops of the world. They are borrowed, lost and replaced on a regular basis.

 

MG gutted the inside of the charger and filled it with small components - that’s all he’ll say about it, on the record - that are powered up when the unsuspecting victim connects it to their computer.

 

It’s extremely hard to detect - it still charged the laptop as normal.

MG demonstrated how his device can display a fake login screen and store all entered details; however, the device could easily be used to deliver malware, keyloggers and rootkits. It seems to be device agnostic too: MG demoed using an Apple but he claims it would work on Windows devices too.

Quote

The hijacking device was able to insert a fake log-in screen into a website. Were he to use this technique for real, he could use this method to scoop-up whatever data I entered into the fake site.

 

"In the demo we're just capturing a username and password,” MG told me.

 

"But this can also inject malware, root kits and persistent types of infections that could be malicious.”

 

MG is early in the testing phase, but he predicts the attack would likely work on any machine that uses USB-C to get its power.

 

"In this case it’s an Apple, but it works on HP, Lenovo and a lot of others,” he said.

 

Apple did not reply to a request for comment, nor did the USB Implementors Forum, the group responsible for supporting the standard.

https://www.bbc.co.uk/news/technology-45139397

 

Holy shit, you gotta admit that this is a very clever attack vector. Get the chargers into whatever building you want then walk away and wait, no need to touch a computer at all.



Link to post
Share on other sites
1 minute ago, Froody129 said:

He obviously doesn't want to be... Charged with anything 

not currently anyway. 



Link to post
Share on other sites
27 minutes ago, Master Disaster said:

One researcher, who goes by the name MG, showed me how a Macbook charger could be booby-trapped. Modified in such a way it was possible to hijack a user's computer, without them having any idea it was happening.

 

It’s the kind of hack that gives security professionals the chills. The ubiquitous white, square chargers for MacBooks are seen in the offices and coffee shops of the world. They are borrowed, lost and replaced on a regular basis.

 

MG gutted the inside of the charger and filled it with small components - that’s all he’ll say about it, on the record - that are powered up when the unsuspecting victim connects it to their computer.

 

It’s extremely hard to detect - it still charged the laptop as normal.

this is something like the Thunderbolt 2 hardware attack vector isn't it o_o (except that the possibility of a hardware attack would be higher because USB-C/Thunderbolt-C used for power input)

Link to post
Share on other sites
1 hour ago, Master Disaster said:

As we all know, most modern laptops now use the USB port for charging as well as its normal uses.

I'm not sure that is true. Except (some) ultrabooks, I don't think the big majority  has moved from standard chargers. Have I been sleeping under a rock? Do you have the stats for that? I am quite interested in that. 



Link to post
Share on other sites

To be fair this is a pretty standard USB attack, it's not by any means unique to chargers.

 

I mean the same thing has been done with video dongles, flash drives, mice, keyboards, etc.

 

The solution is simple. Never plug in an untrusted USB device. Period.

 

If you have to use chargers at an airport or something use a USB condom that cuts the data lines. Power Delivery works just fine without data lines as long as you still have the Type-C identification chip, power lanes and the CC lanes that are used for negotiating power.

Link to post
Share on other sites
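An added example, not part of the thread: the post above says a charger needs only power and CC lines, so on Linux anything on a port used purely for charging should expose no data interfaces. This check walks a tree laid out like `/sys/bus/usb/devices` and reports data-capable interface classes on such ports; the `charge_ports` set and the sample tree are assumptions constructed for the example.

```python
import os, re, tempfile

# USB-IF base class codes for interfaces that carry data to the host.
DATA_CLASSES = {0x02: "CDC control (network/serial)", 0x03: "HID (keyboard/mouse)",
                0x08: "mass storage", 0x0A: "CDC data", 0xE0: "wireless controller"}
IFACE_DIR = re.compile(r"^(\d+-[\d.]+):\d+\.\d+$")   # e.g. "1-2:1.0"

def data_interfaces(sysfs_root, charge_ports):
    """Map each charge-only port to the data-capable interface classes found on it.

    sysfs_root   -- directory laid out like /sys/bus/usb/devices
    charge_ports -- port paths the owner uses only for power (an assumption
                    of this example; the kernel has no such concept)
    """
    findings = {}
    for entry in sorted(os.listdir(sysfs_root)):
        m = IFACE_DIR.match(entry)
        if not m or m.group(1) not in charge_ports:
            continue
        try:
            with open(os.path.join(sysfs_root, entry, "bInterfaceClass")) as fh:
                cls = int(fh.read().strip(), 16)   # sysfs stores two hex digits
        except (OSError, ValueError):
            continue    # interface vanished or attribute unreadable
        if cls in DATA_CLASSES:
            findings.setdefault(m.group(1), []).append(DATA_CLASSES[cls])
    return findings

def build_sample_tree(root, interfaces):
    """Create a constructed sysfs-like tree from {"1-2:1.0": "03", ...}."""
    for name, cls in interfaces.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "bInterfaceClass"), "w") as fh:
            fh.write(cls + "\n")

def demo():
    # Constructed sample: port 1-2 is the charging port, 1-1 holds a normal mouse.
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, {"1-1:1.0": "03", "1-2:1.0": "03",
                                 "1-2:1.1": "02", "1-2:1.2": "0a"})
        return data_interfaces(root, charge_ports={"1-2"})

if __name__ == "__main__":
    print(demo())
```

On a real machine, pass `/sys/bus/usb/devices` as `sysfs_root` and the port path of the charging socket, which differs per laptop.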
3 hours ago, Master Disaster said:

Pretty fucking clever

It's not even remotely clever. It's an attack method as old as USB itself.



Link to post
Share on other sites
3 hours ago, mr moose said:

not currently anyway. 

If he were compromised I'm sure he'd bolt.


Link to post
Share on other sites

These laptop manufacturers need to wake up and take charge in trying to contain this situation before it steps up into a real crisis. They face a potential surge of backlash if they just blow this off.

 

Quite shocking really.



Link to post
Share on other sites

Meanwhile, I'm "charged" with dated tech. :P



Link to post
Share on other sites

Man, next week we'll find out that you can be hacked through the power grid with your PC just being plugged in...

 

Oh wait it's already a thing too

 

Quote

Dubbed PowerHammer, the latest technique involves controlling the CPU utilization of an air-gapped computer using a specially designed malware and creating fluctuations in the current flow in morse-code-like pattern to transfer data hints in binary form (i.e., 0 and 1).


In order to retrieve modulated binary information, an attacker needs to implant hardware to monitor the current flow being transmitted through the power lines (to measure the emission conducted) and then decodes the exfiltrated data.

 

"We show that a malware running on a computer can regulate the power consumption of the system by controlling the workload of the CPU. Binary data can be modulated on the changes of the current flow, propagated through the power lines, and intercepted by an attacker," researchers said.

Both need additional modification; however just goes to show, if anyone wants your data bad enough, they'll take it.

 

And this had been a thing before 2018, but it takes a while for media to catch on.

 

GLHFDD

 

https://thehackernews.com/2018/04/hacking-airgap-computers.html?m=1

Link to post
Share on other sites
2 hours ago, Sniperfox47 said:

To be fair this is a pretty standard USB attack, it's not by any means unique to chargers.

 

I mean the same thing has been done with video dongles, flash drives, mice, keyboards, etc.

 

The solution is simple. Never plug in an untrusted USB device. Period.

 

If you have to use chargers at an airport or something use a USB condom that cuts the data lines. Power Delivery works just fine without data lines as long as you still have the Type-C identification chip, power lanes and the CC lanes that are used for negotiating power.

I was going to say the same thing. I didn't think this was anything new, and delivering a malicious payload over a USB charger is kinda an old concept.

Link to post
Share on other sites

do people really connect their laptop to random chargers they out in the world?

 

might as well call clicking on a "download malware" button a "hack"


Link to post
Share on other sites
20 minutes ago, Arika S said:

do people really connect their laptop to random chargers they out in the world?

The potential for counterfeit chargers being sold in stores and online is something to consider too.



Link to post
Share on other sites
24 minutes ago, Drak3 said:

The potential for counterfeit chargers being sold in stores and online is something to consider too.

You heard it here folks, the $5 charger from eBay that's normally $80 isn't a good idea.

 

Counterfeit chargers are already kind of a problem, this is just a secondary (albeit important) reason to avoid them.



Link to post
Share on other sites
5 hours ago, Master Disaster said:

Well a hacker has figured out how to hijack a laptop simply by plugging in its charger.

Sounds to me like these companies need to disable the data connections on a USB type-C port, whenever it's being used for charging.  That would kill this type of attack cold.  It may not necessarily be feasible to do on a cell phone (as there's only one port, and people may need it for additional purposes while charging), but it should be plenty doable on a laptop.

Link to post
Share on other sites
13 minutes ago, Jito463 said:

Sounds to me like these companies need to disable the data connections on a USB type-C port, whenever it's being used for charging.  That would kill this type of attack cold.  It may not necessarily be feasible to do on a cell phone (as there's only one port, and people may need it for additional purposes while charging), but it should be plenty doable on a laptop.

It wouldn't stop this attack unless you already had a dead battery. The attacker could just cut the power lines on the charger and cause the fake guest OS to pretend to charge.

 

I also just want to point out this isn't even unique to USB. There are far worse attacks that can be done over PCIe (including Thunderbolt), FireWire, or any other connection that allows DMA (Direct Memory Access).

 

(Do note some Intel and AMD Chipsets allow a special DMA mode over USB too for debugging purposes.)

Link to post
Share on other sites
1 hour ago, 79wjd said:

You heard it here folks, the $5 charger from eBay that's normally $80 isn't a good idea.

 

Counterfeit chargers are already kind of a problem, this is just a secondary (albeit important) reason to avoid them.

We're assuming that they're charging $5 on eBay. But an individual group could set up shop on Amazon or Newegg, and sell that typically $80 charger for $75, and not raise as many red flags.



Link to post
Share on other sites
2 minutes ago, mynameisjuan said:

This has been a vulnerability on phones for years. It's why they make those special charging condoms that don't have data pins.

Hell this has been a vulnerability on laptops for years.

Link to post
Share on other sites
