USB Cable Virus Status

[jasnw]

I've lost track of whether the issue of viruses and other malware being hidden in USB cables and adapters (not drives) has ever risen above the level of theoretical threat. Has anyone run into a case of a Mac being infected or otherwise damaged via a USB cable? (Note to MR moderators: this is where it would be great to have a security/privacy forum.)

 

[barbu]

I'd say the threat is real. See also ThunderStrike I believe it's called.

here you can buy some and test
https://mg.lol/blog/badusb-cables/

 

[jasnw]

Yes, I see a lot of talk about potential, and the test samples at sites like badcables, but I don't see any talk about exploits in the wild. Is this a real problem, or a FUD problem?

 

[barbu]

I'd say it's a real problem. Is it a problem for you or me? Maybe, maybe not. Is it a problem for someone who is the target of an entity like a nation state? Almost certainly.

 

[jasnw]

OK, rephrase. A large percentage of USB cables and adapters come from China. Should I be concerned about plugging these into my computers, and if so is there any way to check them before I plug them in?

 

[barbu]

I see now what you mean. I would not be overly concerned about cables from reputable companies. I would not trust a cable sold at the 7-11 till. Not really because of security concerns, but simply failure, fire potential, etc.

I'm not aware of a way to test but there are USB 'condoms' available, I believe they work by limiting the number of pins that are allowed to connect (i.e. power only, not data).