Playing NSA, Hardware Hackers Build USB Cable That Can Attack

Just over a year ago, Jacob Appelbaum and Der Spiegel revealed pages from the National Security Agency’s ANT catalog, a sort of “wish book” for spies that listed technology that could be used to exploit the computer and network hardware of targets for espionage. One of those tools was a USB cable with embedded hardware called Cottonmouth-I—a cable that can turn the computer’s USB connections into a remote wiretap or even a remote control.

Cottonmouth-I is the sort of man-in-the-middle attack that hackers dream of. Built into keyboard or accessory cables, it allows an attacker to implant and communicate with malware even on a computer that’s “airgapped”—completely off a network. And its hardware all fit neatly into a USB plug. Because of the sophistication of the hardware, the advertised price for Cottonmouth-I was over $1 million per lot of 50—meaning each single device cost $20,000.

But soon, you’ll be able to make one in your basement for less than $20 in parts, plus a little bit of solder. At Shmoocon in Washington, DC, this past weekend, Michael Ossman, a wireless security researcher and founder of Great Scott Gadgets, and a contributor to the NSA Playset–a set of projects seeking to duplicate in open source the capabilities in the NSA’s toolbox, showed off his progress on TURNIPSCHOOL, a man-in-the-middle USB cable project under development that fits a USB hub-on-a-chip and a microprocessor with a built-in radio onto a circuit board that fits into a molded USB plug.

Read 5 remaining paragraphs | Comments