USB cables: risk of hacker access


Over the years, hackers have refined the techniques through which they manage to lure users onto the internet. At the same time, however, internet users have learned to recognize the dangers of the web, and therefore to avoid coming across viruses and malware. Sometimes, however, dangers hide even behind the most unexpected tools, such as some everyday objects.
Although apparently harmless, the components of our devices can also become a facilitating tool for cyber attacks. Furthermore, being an integral part of mobile phones, computers and laptops, these components are already in contact with our sensitive information and data. However, to be functional for this purpose, they would have to be tampered with and ready to accept a chip.

But where can the plant be hidden? Most of these objects have an empty space which, although small, is capable of containing the mechanism created by a hacker. An example are USB sticks and cables: the internal part of these objects is in fact smaller than the external covering and leaves an empty space. The «Trojan horse» is therefore ready to be put on the market and, to the naked eye, it is impossible to distinguish it from a non-counterfeit one. In 2019, a well-known hacker named ‘MG’ had tested and sold numerous fully functional Apple cables, which could connect a hacker up to 2 km away from the device.

Cyber ​​attacks via USB cables currently represent a common form of cyber attack, known as «USB-based attack». In this type of attack, the hacker uses a USB cable to introduce malware or other types of malicious software into a computer system by exploiting vulnerabilities in the operating system or connected device.

They exist different types of USB-based attacks:

  • USB Drop Attack: The hacker intentionally leaves malicious USB cables in public places, such as parking lots, bars, coworking spaces, or offices, for victims to pick them up and insert them into their devices. These cables may contain malware that spreads rapidly within your computer system;
  • BadUSB: a type of attack that exploits hardware vulnerabilities present in USB cables to transform them into malicious devices, capable of recording sensitive information or controlling the computer system;
  • Rubber Ducky: An attack that exploits the automatic keyboard capabilities of some USB devices to enter commands into the system and gain access to sensitive information.

To protect your device and computer system from these attacks, it is important to follow some good practices such as: avoid using unknown USB cables or ones left in public places; keep your operating system and software updated with the latest security patches; use computer security tools, such as firewalls and antivirus; never buy USB cables online, second hand or through websites and social media. It is safer to entrust your purchase to the physical or online branches of reference brands in the sector, whose origins are certified and safe.

Another type of attack that is launched by hackers using USB cables is juice jacking. USB-based attack and juice jacking are two types of cyber attacks that involve the use of USB cables but differ in some significant aspects:

  • USB-based attack is a generic term that refers to any type of cyber attack that exploits vulnerabilities in USB devices to introduce malware or any type of malicious software into a computer system.
  • Juice jacking, on the other hand, represents a specific attack that uses USB cables to steal personal information from mobile devices. In this type of attack, the scammer uses a malicious USB cable to connect the victim’s device to a public power source (such as a USB outlet at a mall, coffee shop, or airport), which allows the hacker to steal sensitive data, such as passwords and login information.

In essence, the difference between USB-based attacks and juice jacking lies in the attack method: while USB-based attacks are a generic term for any type of attack that exploits USB cables, juice jacking specifically refers to the attack that exploits USB cables to steal information from mobile devices.

To defend themselves from any type of cyber attack, entrepreneurs and professionals can adopt a Cyber ​​Risk policy. This coverage allows the insured to protect himself from cyber attacks and the resulting expenses and losses of data and confidential information. Furthermore, this coverage provides expert intervention for the recovery of lost data and decontamination from any malware. All these are services included in the Smart version, which has a maximum limit of up to €25 thousand. Lokky also offers its customers the possibility of taking out a Top version of the policy, which provides for an increase in the limit up to €250 thousand and the inclusion of numerous additional guarantees, including a daily allowance for business interruption and coverage of expenses for restoring the company’s image.

latest posts published

Lokky, the Italian data driven insurtech for professionals and SMEs

Lokky, the Italian data driven insurtech for professionals and SMEs

EconomyUp interviews Paolo Tanfoglio and Sauro Mostarda, Co-founder and CEO of Lokky Awarded as 'Best ...
An ally for cyber security: Load Balancing

An ally for cyber security: Load Balancing

Having a fast, high-performance and reliable website is a non-negligible aspect for those who have ...
Business Trend 2023 for SMEs, professionals and commercial activities

Business Trend 2023 for SMEs, professionals and commercial activities

The main trends of 2023 that you will need to consider in your business Digital ...
Occupational risks for pastry shops

Occupational risks for pastry shops

The pastry chef's activity involves the production of confectionery products, from the preparation of the ...
How to read a pay slip

How to read a pay slip

In collaboration with our partner F2Dwe decided to delve deeper into the elements that make ...
What are the most common cyber risks and how to protect yourself

What are the most common cyber risks and how to protect yourself

“Houston, we have a problem."Who doesn't know the words of Jack Swigert, pilot of the ...
Clinical Risk: What it is and What are the consequences

Clinical Risk: What it is and What are the consequences

In recent years, the responsibility of healthcare facilities has increased significantly and with this also ...
Commercial activities most affected by theft

Commercial activities most affected by theft

Theft, shoplifting and armed robberies are a plague for Italian traders. In Europe, Italy is ...
October is European Cyber ​​Security Month

October is European Cyber ​​Security Month

October is the European month dedicated to cybersecurity, a good opportunity to acquire new awareness ...
Estimating cyber risk: importance and difficulties encountered

Estimating cyber risk: importance and difficulties encountered

The biggest challenge regarding cyber security is to estimate cyber risk in a credible, sustainable ...

Leave a Reply

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *