This is an old video. It is now very cheap and easy to implement a "rubber ducky" device that is small enough to hide in a USB plug and can extract password information in approximately 15 seconds.
Since the big "thing" at the moment is media hysteria about chargers for electronic cigarettes loading malware and viruses into your computer I thought I'd strip apart some very common Ego clone chargers and see if they contained any circuitry that could do that.
I'm not sure why electronic cigarettes have been singled out for this sudden "revelation", but the fact that the media are casually popping in how e-cigs can also explode and burn down your house, makes me inclined to think this might be propaganda sponsored by the tobacco industry, which is losing significant revenue to the e-cig industry. Or even the media doing what the media does, and drumming up hysteria for its own gain.
The two theories are that a USB charger could either have a memory chip in it that could upload auto-run malware to your system, or the more intriguing one where a microcontroller emulates another peripheral like a keyboard and executes commands directly. They are both feasible, but would require that products were produced with the deliberate intent of harmful activity for profit. This can't be ruled out after the incident where a cheap Chinese Android phone was openly sold with deeply rooted factory malware in it. (The Star N9500).
You probably don't realise that you can use a lot of the functionality of your computer without a mouse, although it's very slow and irksome. You can navigate Windows with just the keyboard.
For a demonstration of this, try the following without touching your computer mouse. Press the "windows" key (bottom left of your keyboard) and it will open the start menu with the cursor flashing in the search box. Type in the word terminal and press enter. I typed it in hoping it might open a DOS style interface, but instead it brought up the remote access options window! Now you'll find that by using the tab and cursor keys you can move around in that window. Another more exotic possibility is the keyboard emulating chip starting as soon as the system was powered and emulating the holding of F2 to enter the bios setup. Then it's all keyboard control to adjust the settings in that anyway....
But I digress.... I opened up three different Ego style USB chargers and not one of them actually used the data lines needed for accessing your computer. They just used the positive and negative USB power lines to derive a supply for charging the e-cigarette.
If you really wanted to know if something contained circuitry that actively communicated with your computer then a simple way to find out would be to plug it into an active computer. If the computer recognises it as a USB device and makes the appropriate warning noise then it is an active USB peripheral. If on the other hand you plug it in and out and it makes no noise, then it's probably a simple charge circuit that is just stealing power from the USB port.
If in doubt just make sure you only use USB charging devices in a plug-in USB power supply. As always I recommend using a good quality branded power supply.
Since the big "thing" at the moment is media hysteria about chargers for electronic cigarettes loading malware and viruses into your computer I thought I'd strip apart some very common Ego clone chargers and see if they contained any circuitry that could do that.
I'm not sure why electronic cigarettes have been singled out for this sudden "revelation", but the fact that the media are casually popping in how e-cigs can also explode and burn down your house, makes me inclined to think this might be propaganda sponsored by the tobacco industry, which is losing significant revenue to the e-cig industry. Or even the media doing what the media does, and drumming up hysteria for its own gain.
The two theories are that a USB charger could either have a memory chip in it that could upload auto-run malware to your system, or the more intriguing one where a microcontroller emulates another peripheral like a keyboard and executes commands directly. They are both feasible, but would require that products were produced with the deliberate intent of harmful activity for profit. This can't be ruled out after the incident where a cheap Chinese Android phone was openly sold with deeply rooted factory malware in it. (The Star N9500).
You probably don't realise that you can use a lot of the functionality of your computer without a mouse, although it's very slow and irksome. You can navigate Windows with just the keyboard.
For a demonstration of this, try the following without touching your computer mouse. Press the "windows" key (bottom left of your keyboard) and it will open the start menu with the cursor flashing in the search box. Type in the word terminal and press enter. I typed it in hoping it might open a DOS style interface, but instead it brought up the remote access options window! Now you'll find that by using the tab and cursor keys you can move around in that window. Another more exotic possibility is the keyboard emulating chip starting as soon as the system was powered and emulating the holding of F2 to enter the bios setup. Then it's all keyboard control to adjust the settings in that anyway....
But I digress.... I opened up three different Ego style USB chargers and not one of them actually used the data lines needed for accessing your computer. They just used the positive and negative USB power lines to derive a supply for charging the e-cigarette.
If you really wanted to know if something contained circuitry that actively communicated with your computer then a simple way to find out would be to plug it into an active computer. If the computer recognises it as a USB device and makes the appropriate warning noise then it is an active USB peripheral. If on the other hand you plug it in and out and it makes no noise, then it's probably a simple charge circuit that is just stealing power from the USB port.
If in doubt just make sure you only use USB charging devices in a plug-in USB power supply. As always I recommend using a good quality branded power supply.
The command prompt is the windows equivalent of the terminal unless your fancy and use Powershell, but there's a far worse concern the USB killer. This sent somebody to jail for damaging a lot of computers around their college campus. Unless you work in government or something like that getting a payload on to the system is more important in that case you can just buy out the local vendors around an embassy and have them sell your special USB thumb drives with preloaded software and goodies true story and then have access to air gapped systems. There's also keyloggers which log everything you do and the good old device masquerading as a keyboard that can arbitrarily type / repeat commands of any kind. Oh and let's not forget about that plug on your phone that allows you to plug in that portable fan attachment that was handed out for free from that unknown government party while on you're visit to North Korea? Or charging kiosks that could theoretically have a computer inside that dumps the entire contents of your phone or injects something and yes block your data pairs with a USB condom…. And/or buy yourself a good charger after all you wouldn't plug a $500 phone into a $1 charger would you?
Thank You for doing this video. I recently ordered some magnetic chargers for my Android phone and since I have several devices, I decided to order a multi pack so I could have enough to use on all of my devices. Well the first magnetic chargers didn't do a bong bong noise when I used it, but the multi pack ones after a few days started acting strange and weren't charging but actually my battery started draining fast and started doing a constant Bing bong noise, so I switched back to the first one I had bought and it worked perfectly, so, I naturally got suspicious and decided to research if USB cables could contain malware and I found out that, yes they can, So I wondered if I got a strong neodymium magnet like the kind in hard drives and rubbed it over the USB side, could it render any micro chip useless and erase the malware. So, I tried it and it seems to have worked. I did the magnet treatment on all of the cables and my battery isn't draining and the Bing bong noise you mentioned in this video stopped. There are tons of people using these malware infested cables and are completely unaware of this danger. 😞
as expected – windows key and type terminal brings up a command prompt.
I had a ecig battery that had a small LCD screen, which you could update the batteries software, and add logos for the screen. I got rid of the thing a while ago, but I assume the charger that came with it (looked just like any of those you've just taken apart) must have had the data pins active? I may still have the cable, will try and find it….. That one I assume could give you a PC virus/malware/etc……?
The more expensive ecig, the big ones, have microcontrollers in the battery holder and some of the can have firmware upgrades and probably are recognized by the computer but still an antivirus can prevent a virus infestation
Why are these chargers so shit? They never last, the ecigs seem to shit the bed regularly too.
Youtube
can you tell me which one is black and which one is red of this charger out put….I mistakenly torn the wares…
when in the start menu, you need to type cmd and press enter.
you could also press windows key and r at the same time to bring up the run box which allows access to everything in your computer.
I think the concern is that someone with ill-intent could covertly replace your charger with a modified one. If an e-cigarette can have it's firmware upgraded, than it could be upgraded with malware designed to infect any computers it subsequently connects to. Yes, Windows would play a sound when a USB device is connected, but many computers don't have speakers connected, or turned on. Mainly office computers, and businesses may be the target.
Since you can even bit-bang USB on an ATtiny85 and the uC could just start the USB comm after a small delay, this would be possible. A malicious manufacturer could install some ransomware to make money.
To be fair there have been several legitamite cases of the e cigs exploding due to faulty batteries or mods.
Also the few stories I heard were quick to lay the blame on the consumer for modding it and over drawing the battery