Florida man convinces Western Union clerk to insert a thumb drive, steals $32K, does it again, gets caught

Vasile Savu is accused of walking into a Western Union in Hollywood, Florida and asking the clerk to print out his flight itinerary, a pretense he used to get the clerk to insert a thumb-drive loaded with malicious software into his computers, which allegedly allowed Savu to steal $32k from the business. Read the rest

A malicious USB cable with its own wifi rig

MG has built a proof-of-concept malicious USB cable with a tiny wifi radio hidden inside of it, able to wirelessly exfilatrate stolen data; he calls it the O. MG, and while the prototype cost him $4k and took 300 hours, he's working with a team on a small production run for other security researchers to play with. (via Four Short Links) Read the rest

A deep dive into the technical feasibility of Bloomberg's controversial "Chinese backdoored servers" story

Last October, Bloomberg published what seemed to be the tech story of the year: a claim that Supermicro, the leading supplier of servers to clients from the Pentagon and Congress to Amazon, Apple and NASA, had been targeted by Chinese spies who'd inserted devastating, virtually undetectable hardware backdoors into their motherboards by subverting a small subcontractor in China. Read the rest

Ships are just giant floating computers, filled with ransomware, BadUSB, and worms

A coalition of shipping industry associations has published The Guidelines on Cyber Security Onboard Ships, laying out best practices for the giant ships that ply the seas, and revealing that these behemoths are routinely infected with worms, ransomware, and malware spread by infected USB devices. Read the rest

Self-destructing thumb drives with smoke loads, glowing elements, tiny explosives

MG's Mr Self Destruct project takes the USB Killer to new levels, combining a $1.50 system-on-a-chip with a variety of payloads: smoke bombs, "sound grenades," and little explosives, cleverly choreographed with keystroke emulation, allowing the poisoned drive to first cause the connected computer to foreground a browser and load a web-page that plays an appropriate animation (a jack-in-the-box that plays "Pop Goes the Weasel" with the drive's explosive detonating for the climax). Read the rest

Teardown of a consumer voice/location cellular spying device that fits in the tip of a USB cable

Mich from ha.cking bought a $25 "S8 data line locator" device -- a cellular spying tool, disguised as a USB cable and marketed to the general public -- and did a teardown of the gadget, offering a glimpse into the world of "trickle down surveillance" where the kinds of surveillance tools used by the NSA are turned into products and sold to randos over the internet for $25. Read the rest

USG: an open source anti-BadUSB hardware firewall for your USB port

BadUSB is bad news: malware that targets the firmware in your USB port's embedded system, bypassing the OS, antivirus software and other countermeasures. Read the rest

Beyond Bad USB: Poisontap takes over your sleeping computer with a $5 USB stick

Prolific and dramatic security researcher Samy Kamkar (previously) has unveiled a terrifying device that reveals the devastating vulnerabilities of computers, even when in sleep mode. Read the rest

The $56 USB Killer is an electrified USB stick that will fry a laptop

For €49.95, you can own a "USB Killer" that "instantly and permanently disables unprotected hardware" with a 200V DC shock. The €13.95 USB KILLER TESTER is a shield that blocks the killer from actually delivering its voltage to your machine (buy the tester, get the killer for half price). (via Schneier) Read the rest

Usbdriveby: horrifying proof-of-concept USB attack

Samy Kamkar has a proof-of-concept attack through which he plugs a small USB stick into an unlocked Mac OS X machine and then quickly and thoroughly compromises the machine, giving him total, stealthy control over the system in seconds, even reprogramming the built-in firewall to blind it to its actions. Read the rest

E-cigs and malware: real threat or Yellow Peril 2.0?

After a redditor claimed to have gotten a computer virus from factory-installed malware on an e-cig charger, the Guardian reported out the story and concluded that it's possible. Read the rest