It looks like a USB charging cable.  And it is.  But it’s more. 

What looks like a simple charging cable can actually be an advanced tool with a WiFi access point that can be used to take control of a computer and steal data. To make matters worse, standard intrusion detection tools have limited ability to detect it, if at all.

Imagine that your organization is a target of a sophisticated nation-state or ransomware group.  The attacker targets key employees with an email offering a quality smartphone charging cable for a great price.  The employee receives the cable and then connects it to their work computer – or a personal computer used to remotely access their company network.  These cables can not only record keystrokes to steal passwords, but they can also fool the computer into thinking that they are a keyboard. The attacker can use this capability to run scripts that send personal and company information back to the attacker and install persistent access on the device.  The possibilities are only limited by your imagination…
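A cable that poses as a keyboard tends to give itself away by typing faster than a person can, often within seconds of being plugged in. The Python example below is added here and is not part of the original post; the event format, device names and thresholds are assumptions, and the events are constructed sample data.

```python
from dataclasses import dataclass
from statistics import median

# Assumed thresholds (not from the original post); tune per environment.
MAX_KEYS_PER_SEC = 25.0   # sustained rate above this is not hand typing
ATTACH_GRACE_SEC = 5.0    # typing this soon after attach adds suspicion
MIN_KEYS = 10             # ignore bursts too short to judge

@dataclass
class Event:
    ts: float     # seconds since start of capture
    kind: str     # "attach" (new keyboard enumerated) or "key"
    device: str   # hypothetical device label

def flag_injection(events):
    """Return {device: [reasons]} for keyboards that type like a script."""
    attached, keys = {}, {}
    for e in sorted(events, key=lambda e: e.ts):
        if e.kind == "attach":
            attached[e.device] = e.ts
        elif e.kind == "key":
            keys.setdefault(e.device, []).append(e.ts)
    findings = {}
    for dev, stamps in keys.items():
        if len(stamps) < MIN_KEYS:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)  # median resists the odd human pause
        if med > 0 and 1.0 / med <= MAX_KEYS_PER_SEC:
            continue  # plausible human typing speed
        reasons = ["typing rate above human range"]
        if dev in attached and 0 <= stamps[0] - attached[dev] <= ATTACH_GRACE_SEC:
            reasons.append("typing began right after attach")
        findings[dev] = reasons
    return findings

def sample_events():
    """Constructed data: a built-in keyboard and a newly attached 'cable-hid'."""
    ev = [Event(100.0, "attach", "cable-hid")]
    ev += [Event(101.0 + i * 0.005, "key", "cable-hid") for i in range(40)]
    t = 90.0
    for gap in [0.12, 0.18, 0.15, 0.22, 0.11, 0.16, 0.14, 0.19, 0.13, 0.17, 0.15, 0.2]:
        t += gap
        ev.append(Event(t, "key", "kbd-builtin"))
    return ev

if __name__ == "__main__":
    for dev, reasons in flag_injection(sample_events()).items():
        print(dev, "->", "; ".join(reasons))
```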

How do we stop this?  Well, the first thing is to have policies and procedures, as well as training, to prohibit users from using unknown devices that plug into USB ports.  The next thing is to seriously consider disabling USB ports on devices used for critical information.  Windows can be configured to allow USB charging while disabling the data transfer capability.  This is probably sufficient for compliance with CMMC Practices MP.L2-3.8.2 (Media Access), MP.L2-3.8.7 (Removable Media), and AC.L2-3.1.21 (Portable Storage Use).  However, a better option is to completely disable USB ports, if feasible.

The bottom line is that USB ports pose a security risk.  And the risk is not just limited to viruses and malware that may be present on an unknown USB drive. 

Know your device.  Know where it came from.  Know the risks.

