O.MG - Hacked by my phone charger cable!
So, you're travelling and your phone is running short of power, no problem you've packed your charging cable, haven't you? Well hopefully you won't have to use a stranger’s cable because there may be a nasty surprise!
The guys at Hak5 are selling what looks like a standard power cable but in their words " It is packed with a web server, 802.11 radio". The cable is the brainchild of the hacker MG, his blog has a breakdown of the history of the design
At DefCon a demo was shown where the cable was attached from an iPod to a Mac, once the hacker connects to the cable then can then launch attacks etc.
Vice wrote a blog about how the cable is used to attack devices here.
You also need to watch out for spearfishing attacks that use devices to gain access. If you receive a promo gift then it may be hiding something quite dangerous. I've written articles in the past about the USB rubber ducky, another interesting product from the guys at Hak5.
So, you really need to be careful of what you plug into and also what devices may be lurking in your network.
A secure network design can mitigate the risk of data exfiltration, as well as taking personal responsibility for your own security, our top 5 tips are:
1. Don't run free antivirus software, I will be writing a blog on the dangers of free antivirus software.
2. Awareness training for staff can greatly reduce your risk exposure!
3. Build secure firewall policies, never have a rule that allows full access from the internal network to the Internet.
4. On a corporate network limit access to the Internet via a proxy server or UTM firewall web filter.
5. And of course, monitor every aspect of your network to quickly identity anomalies before then become threats!