←back to thread

Investigating an “evil” RJ45 dongle

(lcamtuf.substack.com)
508 points zdw | 1 comments | 17 Jan 25 20:41 UTC | HN request time: 0.201s | source
Show context
MartijnBraam ◴[17 Jan 25 22:13 UTC] No.42743835[source]
I came across the tweet about this "Evil" dongle and instantly recognized it as the exact same thing I worked on before... It's not evil, it's just annoying.

https://blog.brixit.nl/making-a-usb-ethernet-adapter-work-sr...

In my case I disabled the SPI flash module to have it not appear as a CD drive, the author of this post actually found some documentation about the SPI being optional. Funnily enough this post now also gives you all the tooling to make an actual evil RJ45 dongle by reflashing one :D

replies(4): >>42744057 #>>42744435 #>>42747116 #>>42748205 #
Cthulhu_ ◴[18 Jan 25 09:42 UTC] No.42747116[source]
> Funnily enough this post now also gives you all the tooling to make an actual evil RJ45 dongle by reflashing one :D

Ironic! I'm convinced most security problems are caused by well-meaning people breaking down hard- and software and explaining how to "hack" things. I mean if that's unintentional than at best it was security by obscurity to begin with which should be exposed so people don't rely on it.

replies(2): >>42747324 #>>42747396 #
rickdeckard ◴[18 Jan 25 10:42 UTC] No.42747396[source]
If you think some curious spare-time white-hat hackers are the main cause of most security problems, you grossly underestimate the size and skillset of the black-hat hacking industry, and the unlimited profit-potential available in that field...
replies(2): >>42747514 #>>42747591 #
jdietrich ◴[18 Jan 25 11:06 UTC] No.42747514[source]
You can just buy a malicious USB cable, complete with a suite of payloads - from a US company, no less.

https://hak5.org/products/omg-cable

replies(1): >>42748276 #
1. tacet ◴[18 Jan 25 13:47 UTC] No.42748276[source]
I hope someday some youtuber drops omg cable at my office for content. Preferably several.