This is an old video. It is now very cheap and easy to implement a “rubber ducky” device that is small enough to hide in a USB plug and can extract password information in approximately 15 seconds.
Since the big “thing” at the moment is media hysteria about chargers for electronic cigarettes loading malware and viruses into your computer I thought I’d strip apart some very common Ego clone chargers and see if they contained any circuitry that could do that.
I’m not sure why electronic cigarettes have been singled out for this sudden “revelation”, but the fact that the media are casually popping in how e-cigs can also explode and burn down your house, makes me inclined to think this might be propaganda sponsored by the tobacco industry, which is losing significant revenue to the e-cig industry. Or even the media doing what the media does, and drumming up hysteria for its own gain.
The two theories are that a USB charger could either have a memory chip in it that could upload auto-run malware to your system, or the more intriguing one where a microcontroller emulates another peripheral like a keyboard and executes commands directly. They are both feasible, but would require that products were produced with the deliberate intent of harmful activity for profit. This can’t be ruled out after the incident where a cheap Chinese Android phone was openly sold with deeply rooted factory malware in it. (The Star N9500).
You probably don’t realise that you can use a lot of the functionality of your computer without a mouse, although it’s very slow and irksome. You can navigate Windows with just the keyboard.
For a demonstration of this, try the following without touching your computer mouse. Press the “windows” key (bottom left of your keyboard) and it will open the start menu with the cursor flashing in the search box. Type in the word terminal and press enter. I typed it in hoping it might open a DOS style interface, but instead it brought up the remote access options window! Now you’ll find that by using the tab and cursor keys you can move around in that window. Another more exotic possibility is the keyboard emulating chip starting as soon as the system was powered and emulating the holding of F2 to enter the bios setup. Then it’s all keyboard control to adjust the settings in that anyway….
But I digress…. I opened up three different Ego style USB chargers and not one of them actually used the data lines needed for accessing your computer. They just used the positive and negative USB power lines to derive a supply for charging the e-cigarette.
If you really wanted to know if something contained circuitry that actively communicated with your computer then a simple way to find out would be to plug it into an active computer. If the computer recognises it as a USB device and makes the appropriate warning noise then it is an active USB peripheral. If on the other hand you plug it in and out and it makes no noise, then it’s probably a simple charge circuit that is just stealing power from the USB port.
If in doubt just make sure you only use USB charging devices in a plug-in USB power supply. As always I recommend using a good quality branded power supply.
){kind=link}