So, this isn’t JUST a USB cable. They actually manage to fit a very simple, very tiny computer into the space of the plug. This little computer basically has two USB ports. It’ll send the data through each way, but it can modify it or record it.

I agree but if you disguise a usb device as a usb cable, you could infect a computer.

So like if you took apart that cable the article is talking about you would find a circuit board with the necessary hardware and firmware to upload the malware.

I suppose there must be some storage capacity in/around the pins on the plug? Enough to hold a small mw program?

USB port can receive storage or hardware devices such as a mouse, keyboard, camera, etc. storage is storage; others are called a HID (human interface device) in windows. any device upon connection gives a signal so computer knows what to do with it – for hardware it installs device drivers and storage gets mounted as an extra drive.

problem with ninja cables or rubber ducky usb drives is that they have HID component hidden, probably along with some storage available so custom code can be loaded. upon plugging in such usb stick or a cable, user is under impression that it is a normal stick or a cable, while this special hardware hides another component that will allow auto-execution of stored code thanks to the automated activation of those HID devices.

once attackers can make you run their code on your machine without you knowing, sky is the limit.

The cable is actually like a external USB thumb drive in disguise.

At that point it is no different than inserting an infected disc into your pc.

And just like any integrated circuit, cpu, memory, or disguised usb drive in a cable… all that is happen is moving electric signals (voltage changes) . It’s not really code moving thru the wire. Other systems and devices read the voltage and interpret it and do other things.

Basically computer chips can be very small nowadays and you can hide a chip in what looks like the end of a regular USB cable.

You can have that chip pretend to be anything else you normally connect via USB including a USB keyboard or a USB drive.

Since USB is build up around the idea of hubs and connecting multiple devices over a single plug, there is nothing preventing such a fake cable from doing the normal thing people expect it do do and at the same doing its hidden trick.

The chip on there might simply notice when it gets connected to a computer and do nothing for a while. Later it blindly fires of keystrokes like [Windows]+[r] followed by [c],[m],[d] and [ENTER] and have a command line open that it then simply types some script into.

Once you have access to them command line you can do all sorts of things like downloading additional code to run form the internet.