2

In this case, the victims may think they are using a generic USB cable, but the PC will recognize the cable as a Human Interface Device, much like it would a mouse or keyboard, giving the attacker just enough permissions to wreak havoc inside the system. This is different from all the other variations as this threat is much trickier to address with awareness practices.

https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/

https://www.tomshardware.com/news/malicious-usb-cables-wi-fi-controller,38603.html

schroeder
  • 123,438
  • 55
  • 284
  • 319
Filipon
  • 1,204
  • 10
  • 22
  • 1
    How is this question different from your other USBHarpoon question? https://security.stackexchange.com/questions/195170/how-we-can-prevent-innocent-looking-usbninja-usbharpoon-attacks?r=SearchResults&s=2|33.3835 – schroeder Apr 03 '19 at 08:58
  • Just voted myself to close my own question as it started something and now it's the same. – Filipon Apr 03 '19 at 10:49

1 Answers1

2

Depends on your OS.

If you're on Windows you can use Penteract Disguised-Keyboard Detector which will lock the screen when it detects any HID.

If you're on Linux, I think there exists software that whitelists or blacklists USB devices, therefore avoiding the need for awareness.

User42
  • 227
  • 1
  • 4