New malicious Lightning cable can steal user data from a mile away
On 2021-09-03 02:53:05 +0000, Lewis said:
In message <sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler
<newskrawl@krawl.org> wrote:
New malicious Lightning cable can steal user data from a mile away
This is 1) not news and 2) has nothing to do with lightning. Fake USB
cables of many types have been created over the last several years. iOS
asks you before you use any USB device if you trust the device, a detail
left out of these stories, of course. I get the alert, for example,
every time I connect my keyboard to my iPad.
But when the system asks you if you trust the device, having
encountered it, as you say every time you connect your keyboard, you
always automatically assent.
So in the end that's no safeguard at all.
Logically, one wouldn't do testing to find out if the cable has an
eavesdrop mechanism clandestinely hidden. So it's an ingenous though nefarious device.
We are all more tentative about jamming an unknown thumbdrive into a
port without validting it. But if someone were to swap out or leave a spy-wire on your desk you'd likely use it without consideration.
In message <sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler <newskrawl@krawl.org> wrote:
New malicious Lightning cable can steal user data from a mile away
This is 1) not news and 2) has nothing to do with lightning. Fake USB
cables of many types have been created over the last several years. iOS
asks you before you use any USB device if you trust the device, a detail
left out of these stories, of course. I get the alert, for example,
every time I connect my keyboard to my iPad.
On 2021-09-03 02:53:05 +0000, Lewis said:
In message<sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler <newskrawl@krawl.org> wrote:
New malicious Lightning cable can steal user data from a mile away
This is 1) not news and 2) has nothing to do with lightning. Fake USB cables of many types have been created over the last several years. iOS asks you before you use any USB device if you trust the device, a detail left out of these stories, of course. I get the alert, for example,
every time I connect my keyboard to my iPad.
But when the system asks you if you trust the device, having
encountered it, as you say every time you connect your keyboard, you
always automatically assent. So in the end that's no safeguard at all. Logically, one wouldn't do testing to find out if the cable has an
eavesdrop mechanism clandestinely hidden. So it's an ingenous though nefarious device.
We are all more tentative about jamming an unknown thumbdrive into a
port without validting it. But if someone were to swap out or leave a spy-wire on your desk you'd likely use it without consideration.
On 2021 Sep 03, gtr wrote
(in article <sgtopj$8s9$1@dont-email.me>):
On 2021-09-03 02:53:05 +0000, Lewis said:
In message<sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler
<newskrawl@krawl.org> wrote:
New malicious Lightning cable can steal user data from a mile away
This is 1) not news and 2) has nothing to do with lightning. Fake USB
cables of many types have been created over the last several years. iOS
asks you before you use any USB device if you trust the device, a detail >>> left out of these stories, of course. I get the alert, for example,
every time I connect my keyboard to my iPad.
But when the system asks you if you trust the device, having
encountered it, as you say every time you connect your keyboard, you
always automatically assent. So in the end that's no safeguard at all.
Logically, one wouldn't do testing to find out if the cable has an
eavesdrop mechanism clandestinely hidden. So it's an ingenous though
nefarious device.
We are all more tentative about jamming an unknown thumbdrive into a
port without validting it. But if someone were to swap out or leave a
spy-wire on your desk you'd likely use it without consideration.
Errmm... how are they _getting_ to my desk?
Does the spy cable look like my regular cable?
What if I don't use a cable to connect much of anything except my headphones... and the cable for the headphones is attached to the
headphones, and the adaptor for that cable travels with the headphones.
A new, unrecognized, unrequested USB cable suddenly appearing on my
desk at the office would be regarded with extreme suspicion. At home,
well at home only two people buy computer equipment, and neither of us
leaves random cables
around.
No, I wouldn't use it at all.
On 2021-09-03 02:53:05 +0000, Lewis said:
In message <sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler
<newskrawl@krawl.org> wrote:
New malicious Lightning cable can steal user data from a mile away
This is 1) not news and 2) has nothing to do with lightning. Fake USB
cables of many types have been created over the last several years. iOS
asks you before you use any USB device if you trust the device, a detail
left out of these stories, of course. I get the alert, for example,
every time I connect my keyboard to my iPad.
But when the system asks you if you trust the device, having
encountered it, as you say every time you connect your keyboard, you
always automatically assent. So in the end that's no safeguard at all. Logically, one wouldn't do testing to find out if the cable has an
eavesdrop mechanism clandestinely hidden. So it's an ingenous though nefarious device.
We are all more tentative about jamming an unknown thumbdrive into a
port without validting it. But if someone were to swap out or leave a spy-wire on your desk you'd likely use it without consideration.
On 2021-09-03 23:38:58 +0000, Wolffan said:
On 2021 Sep 03, gtr wrote
(in article <sgtopj$8s9$1@dont-email.me>):
On 2021-09-03 02:53:05 +0000, Lewis said:
In message<sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler <newskrawl@krawl.org> wrote:
New malicious Lightning cable can steal user data from a mile away
This is 1) not news and 2) has nothing to do with lightning. Fake USB cables of many types have been created over the last several years. iOS asks you before you use any USB device if you trust the device, a detail
left out of these stories, of course. I get the alert, for example, every time I connect my keyboard to my iPad.
But when the system asks you if you trust the device, having
encountered it, as you say every time you connect your keyboard, you always automatically assent. So in the end that's no safeguard at all. Logically, one wouldn't do testing to find out if the cable has an eavesdrop mechanism clandestinely hidden. So it's an ingenous though nefarious device.
We are all more tentative about jamming an unknown thumbdrive into a
port without validting it. But if someone were to swap out or leave a spy-wire on your desk you'd likely use it without consideration.
Errmm... how are they _getting_ to my desk?
*Your* desk, maybe not, but it is easy for someone to get to many desks
- for example, a night time office cleaner or security guard.
Even for home users, they could be a housekeeper who comes to clean
your house when you're out, or if you take you device to a repair shop
or a repair tech comes to you, a nasty person could easily swap the
cable without you knowing.
One potential solution would be to use a permanent marker to put a line around the cable somewhere, but you would have to constantly check for
it still being there before using your device.
Does the spy cable look like my regular cable?
Yes. It can be made to look like any ordinary cable, including those
from specific manufacturers such as Apple, IBM, etc.
What if I don't use a cable to connect much of anything except my headphones... and the cable for the headphones is attached to the headphones, and the adaptor for that cable travels with the headphones.
It probably wouldn't take much for some nasty person working at these manufacturing companies to slip a similar device into cables shipping
with products.
The reality is that this particular one and the ones before it are
keystroke recorders, so only really an issue if using it with a
keyboard (including wireless ones if you stick an wireless adapter in
the end of the cable or a hub connected via the cable) or potentially
when diasy-chaning devices ... you can't record keystrokes from a
product like headphones that don't send keystorkes.
A new, unrecognized, unrequested USB cable suddenly appearing on my
desk at the office would be regarded with extreme suspicion. At home,
well at home only two people buy computer equipment, and neither of us leaves random cables
around.
No, I wouldn't use it at all.
As above, someone like a nasty repair technician or housekeeper could
easily swap the cables without you ever knowing.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 294 |
Nodes: | 16 (2 / 14) |
Uptime: | 243:38:48 |
Calls: | 6,626 |
Calls today: | 2 |
Files: | 12,175 |
Messages: | 5,320,261 |