Plugging a USB cable into your PC may seem like a harmless affair. But not if the cable has been made by a hacker.
On Sunday, the security researcher Mike Grover demonstrated the threat by creating a malicious USB cable that can receive commands from a nearby smartphone and then execute them over the PC it’s been plugged into.
His USB-to-Lightning cable looks pretty generic, but Grover actually fitted a Wi-Fi chip inside one of the sockets. Unsuspecting users will think they’ve plugged a simple cord into their PC. But in reality, the computer will actually detect the cable as a Human Interface Device akin to a mouse or keyboard.
Grover uploaded a video, showing the attack in action. In it, he plugs the cable into a MacBook. Then he uses his smartphone to remotely trigger the laptop to visit a malicious Google login webpage that can secretly collect the owner’s password.