This rigged charger can hijack your new laptop.

Pedro_P

▼ A neat feature of many modern laptops is the ability to power them up through the USB port. Unlike the rectangular USB ports of old, the newer type - USB-C - can carry enough power to charge your machine.
That’s great news: it means you don’t need to add a separate port just for charging. And when the USB port isn’t being used for power, it can be used for something useful, like plugging in a hard drive, or your phone.
But while you and I may look at that as an improvement, hackers see an opportunity to exploit a new vulnerability.
One researcher, who goes by the name MG, showed me how a Macbook charger could be booby-trapped. Modified in such a way it was possible to hijack a user's computer, without them having any idea it was happening.
It’s the kind of hack that gives security professionals the chills. The ubiquitous white, square chargers for MacBooks are seen in the offices and coffee shops of the world. They are borrowed, lost and replaced on a regular basis.
Nasty things
MG gutted the inside of the charger and filled it with small components - that’s all he’ll say about it, on the record - that are powered up when the unsuspecting victim connects it to their computer.
It’s extremely hard to detect - it still charged the laptop as normal.
The hijacking device was able to insert a fake log-in screen into a website. Were he to use this technique for real, he could use this method to scoop-up whatever data I entered into the fake site.
"In the demo we're just capturing a username and password,” MG told me.
"But this can also inject malware, root kits and persistent types of infections that could be malicious.”
MG is early in the testing phase, but he predicts the attack would likely work on any machine that uses USB-C to get its power.
"In this case it’s an Apple, but it works on HP, Lenovo and a lot of others,” he said.
Apple did not reply to a request for comment, nor did the USB Implementors Forum, the group responsible for supporting the standard.
Charing desperation (▪ ▪ ▪)

► Please, read the full note here: Source

chanakyakripa

Thanks for the info Pedro. I just bought a hhp laptop few days back but they are still giving a seperate charging port. However I wanted to know whether they hack if we connect through the usb ports for charging? And how to identify the apparatus is a genuine charger or a hacking device? Is there any clue for it. Please help because I travel a lot and use public charging points. Am anxious.

wakkaday

get a hub

sks

Thanks for the info Pedro. It's very useful. Keep updating info like this.

ramyasri8

Omg!!! gotta be more careful, thanq for the info

Srinivas1939

Thanks for the timely note of caution.