ice-d, posted May 16, 2023:

I bought a couple of the "Malicious Cable Detector by O.MG" connectors, and would also like to know what a good process could be (if possible) to validate that a USB-attached device, such as a keyboard, mouse or WiFi adapter, doesn't contain malware of some kind or an exploit. Sorry if this is a repeat question on an existing topic. My current hypothesis is that I may need to set up a test bench of some kind and run X, Y and Z tools... help please?

DramaKing, posted May 16, 2023:

Keyboards, mice, and WiFi adapters don't contain the logic necessary to store malware. Yes, it's possible to make such devices, but simply don't plug in unknown USB devices and disable USB mass storage as is commonly recommended. Disabling USB ports in firmware completely and only using Bluetooth would be even better.

_MG_, posted May 16, 2023:

Just to point out the obvious: the Malicious Cable Detector is for auditing cables. As for auditing a random electronic, there is no easy answer there. People have entire careers doing this. Comparing against a known good version is generally the easiest starting point.

ice-d (topic author), posted May 17, 2023:

Thank you for the very helpful information. This relieves a lot of anxiety about this particular area of security. Appreciate you guys taking the time to answer my question. My worry was that a USB keyboard acquired on Amazon could potentially log keystrokes and then send them to a remote attacker. I was leaning in the direction of a test bench of some kind, and using usbcap or something to capture traffic from the questionable device. My hypothesis is that the piece that would make this challenging is that the malicious activity would only happen if it were triggered in some way, remotely or by local activity. Not just naively running some code when powered on. Hence why people have a full career in the subject, likely.

_MG_, posted May 21, 2023:

Yeah it’s tricky. Monitoring the data lines will work for some of the less stealthy devices. But with OMG Cables, you wouldn’t see anything on the data lines. That’s because the implant doesn’t touch the data lines until a payload is initiated. Even when the OMG is doing keylogging, it’s doing completely passive sniffing so you won’t see anything on the data lines to indicate a problem. Whereas most keyloggers act as a proxy, which means they become active USB devices and are very easy to see on the data lines.

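An added example, not part of any post in this thread and not code from any product it mentions: one way to do the "compare against a known good version" step is to diff the USB descriptors a suspect unit enumerates with against those of a trusted unit of the same model. It assumes each input is `lsusb -v` text for a single device; the function names and the sample captures (placeholder IDs) are constructed for illustration. As the last post notes, this only catches devices that enumerate differently, and a passive implant would not show up here.

```python
import re
from collections import Counter
DEVICE_FIELDS = ("idVendor", "idProduct", "bcdDevice")
IFACE_FIELDS = ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol")
FIELD_RE = re.compile(r"^\s*(\w+)\s+(\S+)")

def parse_profile(lsusb_text):
    """Extract device IDs and per-interface class tuples from `lsusb -v` style text."""
    device, interfaces = {}, []
    for line in lsusb_text.splitlines():
        if line.strip() == "Interface Descriptor:":
            interfaces.append({})  # fields that follow belong to this interface
            continue
        m = FIELD_RE.match(line)
        key, value = m.groups() if m else (None, None)
        if key in DEVICE_FIELDS and not interfaces:
            device[key] = value
        elif key in IFACE_FIELDS and interfaces:
            interfaces[-1][key] = value
    return device, [tuple(i.get(f) for f in IFACE_FIELDS) for i in interfaces]

def compare(good_text, suspect_text):
    """Return human-readable differences between known-good and suspect captures."""
    good_dev, good_ifs = parse_profile(good_text)
    sus_dev, sus_ifs = parse_profile(suspect_text)
    findings = [f"{f}: expected {good_dev.get(f)}, got {sus_dev.get(f)}"
                for f in DEVICE_FIELDS if good_dev.get(f) != sus_dev.get(f)]
    extra = Counter(sus_ifs) - Counter(good_ifs)    # interfaces only the suspect has
    missing = Counter(good_ifs) - Counter(sus_ifs)  # interfaces only the good unit has
    findings += [f"unexpected interface {i}" for i in extra.elements()]
    findings += [f"missing interface {i}" for i in missing.elements()]
    return findings

# Constructed sample captures (placeholder IDs, not a real product).
KNOWN_GOOD = """Device Descriptor:
  idVendor           0x1234 ExampleVendor
  idProduct          0x5678 Example Keyboard
  bcdDevice            1.00
    Interface Descriptor:
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      1 Keyboard
"""
SUSPECT = KNOWN_GOOD.replace("1.00", "1.10") + """    Interface Descriptor:
      bInterfaceClass         8 Mass Storage
      bInterfaceSubClass      6 SCSI
      bInterfaceProtocol     80 Bulk-Only
"""
print("\n".join(compare(KNOWN_GOOD, SUSPECT)))
```
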
Archived
This topic is now archived and is closed to further replies.