Why it matters: USB-C has been hailed as a speedy communication interface and a conveniently reversible jack that plugs into your device for charging. Add to that the ease of Plug ‘n’ Play-type self-installation, and you’ve got a prime attack vector for your device in a rather simple and unsettling way.
With USB-C now seeing more common usage in notebooks like the brand-new MacBook Pro, mostly due to its space saving ability to double up as charger and data bus, the BBC is reporting on the accomplishments of a security expert who’s demoing a malware-capable Apple charger.
‘MG’, as he wishes to be known, is an expert in USB security flaws, and has developed a number of USB attachments that compromise device security, ranging from Wi-Fi cameras to your smartphone. The BBC met up with him trawling the halls of DEF CON 2018 and discussed his latest accomplishment which he is looking to bring others in on his project “to help develop payloads”.
His current project involves gutting a rather familiar Apple charger, and replacing the internal power circuitry with hardware of his own. The deceit is harder to detect as the charger will still operate as normal, deploying malware while charging your computer – whether it’s a Mac or a PC, in fact. According to MG, it can “inject malware, root kits and persistent types of infections that could be malicious.” While MG dedicated himself to converting an Apple charger, this applies to just about any power brick equipped with an USB-C jack. It’s just that the Apple charger is by far and large the most common around.
The concept itself is fairly well-known among mobile phone experts and goes by the moniker of “juice jacking”. However, with the use of USB-C in PC-grade devices, it takes on a whole different dimension. Just when you thought it was safe to go back into your local coffee shop and ask someone to let you charge up your laptop.