
Interesting new MITM attack demonstrated, your laptop can probably be hacked via its charger

Master Disaster

As we all know, most modern laptops now use the USB port for charging as well as its normal uses. Well, a hacker has figured out how to hijack a laptop simply by plugging in its charger.

Quote

A neat feature of many modern laptops is the ability to power them up through the USB port. Unlike the rectangular USB ports of old, the newer type - USB-C - can carry enough power to charge your machine.

 

That’s great news: it means you don’t need to add a separate port just for charging. And when the USB port isn’t being used for power, it can be used for something useful, like plugging in a hard drive, or your phone.

 

But while you and I may look at that as an improvement, hackers see an opportunity to exploit a new vulnerability. <- It's not an improvement though

A hacker called MG has demonstrated what he calls a booby-trapped charger. Essentially, he's filled the charger with everything he needs to launch a MITM attack (my guess would be a PIC, Arduino or maybe a Ras Pi Zero?). Simply connect the charger and your payload is delivered. Pretty fucking clever but also very scary if you ask me.

Quote

One researcher, who goes by the name MG, showed me how a Macbook charger could be booby-trapped. Modified in such a way it was possible to hijack a user's computer, without them having any idea it was happening.

 

It’s the kind of hack that gives security professionals the chills. The ubiquitous white, square chargers for MacBooks are seen in the offices and coffee shops of the world. They are borrowed, lost and replaced on a regular basis.

 

MG gutted the inside of the charger and filled it with small components - that’s all he’ll say about it, on the record - that are powered up when the unsuspecting victim connects it to their computer.

 

It’s extremely hard to detect - it still charged the laptop as normal.

MG demonstrated how his device can display a fake login screen and store all entered details; however, the device could easily be used to deliver malware, keyloggers and rootkits. It seems to be device agnostic too: MG demoed using an Apple but he claims it would work on Windows devices too.

Quote

The hijacking device was able to insert a fake log-in screen into a website. Were he to use this technique for real, he could use this method to scoop-up whatever data I entered into the fake site.

 

"In the demo we're just capturing a username and password,” MG told me.

 

"But this can also inject malware, root kits and persistent types of infections that could be malicious.”

 

MG is early in the testing phase, but he predicts the attack would likely work on any machine that uses USB-C to get its power.

 

"In this case it’s an Apple, but it works on HP, Lenovo and a lot of others,” he said.

 

Apple did not reply to a request for comment, nor did the USB Implementors Forum, the group responsible for supporting the standard.

https://www.bbc.co.uk/news/technology-45139397

 

Holy shit, you gotta admit that this is a very clever attack vector. Get the chargers into whatever building you want then walk away and wait, no need to touch a computer at all.


1 minute ago, Froody129 said:

He obviously doesn't want to be... Charged with anything 

not currently anyway. 


1 hour ago, Master Disaster said:

As we all know, most modern laptops now use the USB port for charging as well as its normal uses.

I'm not sure that is true. Except (some) ultrabooks, I don't think the big majority  has moved from standard chargers. Have I been sleeping under a rock? Do you have the stats for that? I am quite interested in that. 


Aside from the puns, this takes the Evil Maid attack up several notches. Mr. MG is going to be getting a lot of phone calls from intelligence services. 

 

This one is actually really brutal.


If this attack really is as potent as it has the potential to be, it could easily cause some massive rollouts of firmware updates.


To be fair this is a pretty standard USB attack, it's not by any means unique to chargers.

 

I mean the same thing has been done with video dongles, flash drives, mice, keyboards, etc.

 

The solution is simple. Never plug in an untrusted USB device. Period.

 

If you have to use chargers at an airport or something use a USB condom that cuts the data lines. Power Delivery works just fine without data lines as long as you still have the Type-C identification chip, power lanes and the CC lanes that are used for negotiating power.
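An added example, not part of the original post: a defender-side check for the point above, flagging any newly attached USB device that exposes a data interface. It assumes a plain charger negotiates power over CC and should not enumerate on the bus at all, and reads the Linux sysfs layout (`idVendor`, `idProduct`, `bInterfaceClass`); the function names, the allowlist and the sample tree with its IDs are constructed for illustration.

```python
import os
import tempfile

# bInterfaceClass codes (USB-IF base classes) that give a device a data path to the host.
RISKY = {"02": "CDC/network", "03": "HID (keyboard/mouse)", "08": "mass storage",
         "0a": "CDC data", "e0": "wireless controller", "ff": "vendor-specific"}

def _read(path):
    with open(path) as fh:
        return fh.read().strip().lower()

def scan(root):
    """Map each USB device under a sysfs-style root to its VID:PID and interface classes."""
    found = {}
    for name in sorted(os.listdir(root)):
        dev = name.split(":")[0]
        # "1-2:1.0" is an interface of device "1-2"; root-hub interfaces have no device dir.
        if ":" not in name or not os.path.isdir(os.path.join(root, dev)):
            continue
        vidpid = ":".join(_read(os.path.join(root, dev, f)) for f in ("idVendor", "idProduct"))
        cls = _read(os.path.join(root, name, "bInterfaceClass"))
        found.setdefault(dev, {"id": vidpid, "classes": set()})["classes"].add(cls)
    return found

def unexpected(devices, allowlist):
    """Devices not on the allowlist that expose at least one data-capable interface."""
    alerts = []
    for dev, info in devices.items():
        hits = sorted(RISKY[c] for c in info["classes"] if c in RISKY)
        if hits and info["id"] not in allowlist:
            alerts.append((dev, info["id"], hits))
    return alerts

def demo():
    """Constructed tree: a known mouse plus a device that appeared with the 'charger'."""
    layout = {"1-1": ("aaaa", "0001", ["03"]),        # constructed IDs, allowlisted below
              "1-2": ("bbbb", "0002", ["03", "02"])}  # constructed IDs, unknown device
    with tempfile.TemporaryDirectory() as root:
        for dev, (vid, pid, classes) in layout.items():
            files = {os.path.join(dev, "idVendor"): vid, os.path.join(dev, "idProduct"): pid}
            for i, cls in enumerate(classes):
                files[os.path.join("%s:1.%d" % (dev, i), "bInterfaceClass")] = cls
            for rel, val in files.items():
                os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
                with open(os.path.join(root, rel), "w") as fh:
                    fh.write(val + "\n")
        return unexpected(scan(root), allowlist={"aaaa:0001"})

if __name__ == "__main__":
    print(demo())  # on a real Linux host: unexpected(scan("/sys/bus/usb/devices"), {...})
```

Vendor and product IDs can be cloned by a malicious device, so this is a tripwire for unexpected enumeration rather than an enforcement control.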


3 hours ago, Master Disaster said:

Pretty fucking clever

It's not even remotely clever. It's an attack method as old as USB itself.


3 hours ago, mr moose said:

not currently anyway. 

If he were compromised I'm sure he'd bolt.


These laptop manufacturers need to wake up and take charge in trying to contain this situation before it steps up into a real crisis. They face a potential surge of backlash if they just blow this off.

 

Quite shocking really.


Meanwhile, I'm "charged" with dated tech. :P


This is just a standard USB attack except the delivery method is slightly smarter.. nothing new here.


Man, next week we'll find out that you can be hacked through the power grid with your PC just being plugged in...

 

Oh wait it's already a thing too

 

Quote

Dubbed PowerHammer, the latest technique involves controlling the CPU utilization of an air-gapped computer using a specially designed malware and creating fluctuations in the current flow in morse-code-like pattern to transfer data hints in binary form (i.e., 0 and 1).


In order to retrieve modulated binary information, an attacker needs to implant hardware to monitor the current flow being transmitted through the power lines (to measure the emission conducted) and then decodes the exfiltrated data.

 

"We show that a malware running on a computer can regulate the power consumption of the system by controlling the workload of the CPU. Binary data can be modulated on the changes of the current flow, propagated through the power lines, and intercepted by an attacker," researchers said.

Both need additional modification; however, it just goes to show, if anyone wants your data bad enough, they'll take it.

And this had been a thing before 2018, but it takes a while for media to catch on.

 

GLHFDD

 

https://thehackernews.com/2018/04/hacking-airgap-computers.html?m=1


2 hours ago, Sniperfox47 said:

To be fair this is a pretty standard USB attack, it's not by any means unique to chargers.

 

I mean the same thing has been done with video dongles, flash drives, mice, keyboards, etc.

 

The solution is simple. Never plug in an untrusted USB device. Period.

 

If you have to use chargers at an airport or something use a USB condom that cuts the data lines. Power Delivery works just fine without data lines as long as you still have the Type-C identification chip, power lanes and the CC lanes that are used for negotiating power.

I was going to say the same thing. I didn't think this was anything new, and delivering a malicious payload over a USB charger is kinda an old concept.

Link to comment
Share on other sites

Link to post
Share on other sites

do people really connect their laptop to random chargers they out in the world?

 

might as well call clicking on a "download malware" button a "hack"


20 minutes ago, Arika S said:

do people really connect their laptop to random chargers they out in the world?

The potential for counterfeit chargers being sold in stores and online is something to consider too.


24 minutes ago, Drak3 said:

The potential for counterfeit chargers being sold in stores and online is something to consider too.

You heard it here folks, the $5 charger from eBay that's normally $80 isn't a good idea.

 

Counterfeit chargers are already kind of a problem, this is just a secondary (albeit important) reason to avoid them.


5 hours ago, Master Disaster said:

Well a hacker has figured out how to hijack a laptop simply by plugging in its charger.

Sounds to me like these companies need to disable the data connections on a USB type-C port, whenever it's being used for charging.  That would kill this type of attack cold.  It may not necessarily be feasible to do on a cell phone (as there's only one port, and people may need it for additional purposes while charging), but it should be plenty doable on a laptop.


13 minutes ago, Jito463 said:

Sounds to me like these companies need to disable the data connections on a USB type-C port, whenever it's being used for charging.  That would kill this type of attack cold.  It may not necessarily be feasible to do on a cell phone (as there's only one port, and people may need it for additional purposes while charging), but it should be plenty doable on a laptop.

It wouldn't stop this attack unless you already had a dead battery. The attacker could just cut the power lines on the charger and cause the fake guest OS to pretend to charge.

 

I also just want to point out this isn't even unique to USB. There are far worse attacks that can be done over PCIe (including Thunderbolt), FireWire, or any other connection that allows DMA (Direct Memory Access).

 

(Do note some Intel and AMD Chipsets allow a special DMA mode over USB too for debugging purposes.)


1 hour ago, 79wjd said:

You heard it here folks, the $5 charger from eBay that's normally $80 isn't a good idea.

 

Counterfeit chargers are already kind of a problem, this is just a secondary (albeit important) reason to avoid them.

We're assuming that they're charging $5 on eBay. But an individual group could set up shop on Amazon or Newegg, and sell that typically $80 charger for $75, and not raise as many red flags.


This has been a vulnerability on phones for years. It's why they make those special charging condoms that don't have data pins.


2 minutes ago, mynameisjuan said:

This has been a vulnerability on phones for years. It's why they make those special charging condoms that don't have data pins.

Hell this has been a vulnerability on laptops for years.


Let's say it together

physical access
