A tiny circuit board containing an ESP32-S3 hides inside a USB-C plug on each cable, and can carry out a keystroke injection attack. The cable’s firmware is open-source, and has an impressive set of features: a payload syntax checker, payload autocompletion, OS detection, and the ability to impersonate the USB device of your choice.
\
The cable provides a control interface over WiFi, and it’s possible to edit and deploy live payloads without physical access to the cable (this is where the syntax checker should be particularly useful). The firmware also provides a remote shell for computers without a network connection; the cable opens a shell on the target computer which routes commands and responses through the cable’s WiFi connection (demonstrated in the video below).
\
The main advantage of the Evil Crow Cable Wind is its price: only about $25, at which point you can afford to lose a few during deployment. We’ve previously seen a malicious cable once befo
... show moreA USB cable with built in operating system and wifi for exploiting computers
A tiny circuit board containing an ESP32-S3 hides inside a USB-C plug on each cable, and can carry out a keystroke injection attack. The cableβs firmware is open-source, and has an impressive set of features: a payload syntax checker, payload autocompletion, OS detection, and the ability to impersonate the USB device of your choice.
\
The cable provides a control interface over WiFi, and itβs possible to edit and deploy live payloads without physical access to the cable (this is where the syntax checker should be particularly useful). The firmware also provides a remote shell for computers without a network connection; the cable opens a shell on the target computer which routes commands and responses through the cableβs WiFi connection (demonstrated in the video below).
\
The main advantage of the Evil Crow Cable Wind is its price: only about $25, at which point you can afford to lose a few during deployment. Weβve previously seen a malicious cable once before. Of course, these attacks arenβt limited to cables and USB drives; weβve seen them in USB-C docks, in a gaming mouse, and the fear of them in fans.
https://hackaday.com/2025/06/16/an-open-source-justification-for-usb-cable-paranoia/Most people know that they shouldnβt plug strange flash drives into their computers, but what about a USB cable? A cable doesnβt immediately register as an active electronic device to most people, β¦
Hackaday
Ted •
2 people like this
Jay Bryant and roosw like this.
Andrew Pam •
Jay Bryant likes this.
Mark Wollschlager •
The default behavior of the OS should be to request access for any device plugged in, but who has time for that? It makes the magic go away.
Jay Bryant likes this.
Alex Feldstein •
2 people like this
Jay Bryant and Andrew Pam like this.
Jay Bryant •
2 people like this
Andrew Pam and Mark Wollschlager like this.
kennyc •
2 people like this
N. E. Felibata π½ and Simonalein β½β½β½iβΎβΎβΎ like this.
Mark Wollschlager •
4 people like this
Jay Bryant, kennyc, Andrew Pam and Lisa Stranger like this.
Alex Feldstein •
Jay Bryant •
kennyc likes this.