Is it safe to use cheap USB data cables?

Do you have reason to expect targeted attacks?

It's reasonable to assume that random cheap cables sold in large scale generally aren't modified to include offensive hardware, mostly for two reasons:

  • That would raise the cost of the cable far above its price, and would be uneconomical even considering the ability to "monetize" a certain amount of random untargeted computers owned by the attack, so there are no good economic reasons for attackers to do this.
  • We would have noticed such an attack. While most people wouldn't notice, if this was a mass attack, there would reasonably be some detection of that. Malware that tries to randomly hack many, many computers has obvious problems staying undetected for long.

However, if you have some reason to expect targeted, expensive attacks aimed to compromise you by people who have no qualms to perform illegal actions, then it certainly is a possibility that the hardware you receive is "special". However, that's not limited in any way to cheap USB data cables, or USB data cables - reasonably similar attacks would apply for any device you purchase in the same way, from mice/keyboards to laptops or server hardware. How do you know that your computer didn't have a hardware / firmware backdoor installed when you bought it?

If you have reason to expect such risks, you have to treat your USB data cable purchases in a similar manner as all other sensitive hardware; for example, ensure that you buy an item that cannot possibly be "adjusted" especially for you, e.g. random purchase of a generic item from a store shelf instead of a remote order that will be mailed to your address.


Security issues with cables? No.

It's technically possible to have a hidden/embedded device in which case all the caveats of an untrusted USB device apply.

However the cost of a device, especially one small enough to be hidden in a cable, would be quite a bit higher than the cable itself so you probably don't need to worry about this.


I really cannot imagine that the cable itself contains a malicious device as explained by @GeorgeBailey. So I would say that those cables are harmless when confidentiality or integrity is considered.

But if you consider that security also encompasses disponibility (availability), chances are that the contacts are of poor quality and that you experience occasional loss of connection when using them. Whether it is a real problem depends on actual usage...

Tags:

Usb

Hardware