BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

Beware of Third-Party Accessories

The Dangers of Purchasing Third-Party Computer Accessories

Think all computer accessories and cables are safe? Think again! Learn how your next accessory purchase could expose your organization to hackers and threats.  

Changing Cables

Buying third-party accessories for computing devices can save money, but what if those purchases ended up being the cause of a cybersecurity attack and the exposure of your company’s sensitive data? New third-party charging cables that have come on the market could be your next data breach culprit if you’re not careful. According to a blog post written by NewQuest IT Solutions, modified versions of Apple’s Lightning cables could be used to gain unauthorized access to your organization’s devices. A hacker can use the wireless implant embedded in the cable to commit an intrusion simply by typing in the cable’s IP address.

How It Works

Since the third-party cable cannot be identified as counterfeit with the naked eye, it is easy for many to be fooled into believing it is legitimate. When you plug in the cable to charge or sync a device, a hacker can now access all the information on that device. The wireless implant inside the cable sends out signals equivalent to a Wi-Fi hotspot. By typing in the cable’s IP address, the hacker is able to pull up data from the device, install malware, send scripts and other commands. The hacker can accomplish all of this as long as he or she is within 300 ft of the cable’s wireless signal.

Devices at Risk

Any device that uses a third-party charging cable or accessory is at risk. That risk increases if multiple third-party accessories are plugged in or the supplier of the accessories could be considered suspect. Although the example highlighted by NewQuest IT Solutions is applicable to Apple devices, there are enough third-party cables and accessories for Windows-based devices that can make them far from risk-adverse. Smartphones, computers, tablets and older devices like the iPod that sync are all vulnerable.

What to Look For

To avoid buying counterfeit accessories and cables, double-check the packaging, the accessory and the supplier. Only purchase third-party accessories that are labeled as certified. Another way to avoid a potential cybersecurity threat is to only purchase from trusted and verified suppliers. Finally, consider switching to OEM versions whenever possible. Although the initial or per unit cost might be higher, it could save you and your organization a more expensive headache in the long run.

More Like This

AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Original release date: July 27, 2020 Summary This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) …

AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices Read More »

Read More

AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902 on June 30, 2020.[1] Unpatched F5 BIG-IP devices are an attractive target …

AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902 Read More »

Read More

AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

Original release date: July 23, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and ATT&CK for Industrial Control Systems frameworks for all referenced threat actor techniques and mitigations. Over recent months, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity …

AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems Read More »

Read More

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

Original release date: July 16, 2020 Summary This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing malicious cyber activity that uses network tunneling and spoofing techniques to a specific threat actor is difficult. …

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation Read More »

Read More

AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java

Original release date: July 13, 2020 Summary On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications. …

AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java Read More »

Read More

AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor

Original release date: July 1, 2020 | Last revised: July 2, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This advisory—written by the Cybersecurity Security and Infrastructure Security Agency (CISA) with contributions from …

AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor Read More »

Read More