It would be a pretty amusing demonstration to plug in the cable to a display, then pretend to plug the other end into an imaginary computer sitting nearby and have something boot up on the display.
It'd be a cool physical demonstration at a cybersecurity roadshow.
A concern: with all this computing onboard, does this mean a malicious USB-C cable could record screen and keystroke?
Often the keyboard receiver is plugged into the monitor's USB hub and so screen and HID are both going along a single cable ... which also does power delivery. Such cables are a definite "sales category" and could be a target for supply chain attacks. But if they now have chips onboard, doesn't that mean an attacker could even take over a genuine cable? It seems like a real risk tbh.
> A concern: with all this computing onboard, does this mean a malicious USB-C cable could record screen and keystroke?
Keystrokes: Easily. At least for USB 3 and 4, USB 1/2 data is a physically separate channel that just happens to almost always be packaged alongside the faster stuff, so the lower speed stuff like input devices is easy to intercept. I don't know if Thunderbolt does the same or not; normally USB-C alternate modes still keep the USB 2.0 signals available, but Thunderbolt might be an exception.
Screen: Probably not modern video modes in a purely stealthy cable form factor *YET*, at least not using COTS parts, but it wouldn't surprise me to find the secret squirrel types either already have it or are working on it.
I doubt you are going to fit a chip fast enough to snoop Thunderbolt traffic inside of a USB-C plug.
I think ThinkGeek used to have a "frayed cable" USB drive... and there have been "how to" for one such as https://www.evilmadscientist.com/2008/how-to-make-a-sawed-of...
Or Doom.
Was going to say the same thing. With way more processing power you could output the video over USB-C/TB at one end and connect a keyboard at the other.