RFID Research Group’s USBNinja Embeds BadUSB into the Cable Itself

In 2014, a pair of hackers at the Black Hat USA conference demonstrated what they termed as “BadUSB,” showing how a USB flash drive microcontroller could be reprogrammed to spoof a myriad of other device types to take control of a PC. They were able to achieve a full-system compromise using just the drive and a self-replicating USB virus that was undetectable at the time.

The cable functions identically to a regular USB cable until a wireless controller triggers it to deliver the attack payload of your choice. (📷: RFID Research Group)

Four years later, the people over at RFID Research Group designed a USB cable equipped with BadUSB built inside, which can be triggered wirelessly to deliver whatever payload you want. The USBNinja functions as a standard USB cable, providing power and data to and from any device that’s connected. Within the cable housing, however, resides a tiny Bluetooth unit that waits for a wireless command to unleash its payload, which is done via a mobile app or the company’s custom Bluetooth remote.

As far as the hardware side is concerned, the USBNinja comes in three versions — Micro-USB, USB Type C, and Lightning (for Apple users), with each offering the same voltage and current consumption as their real-world counterparts (4 to 25V @ 10 mA). The remote is outfitted with high-powered Bluetooth wireless capability, comes equipped with a 3.6V, 40mAh rechargeable battery, and has a range of 30 to 100-meters using a 2, 3, or 18-dbi antenna. Alternatively, you can use a smartphone app over the remote, so your range is determined by the onboard Bluetooth capability.

The tiny Bluetooth-equipped MCU hidden on the inside of the connector cap. (📷: RFID Research Group)

In terms of software, the USBNinja can be programmed using the standard Arduino IDE or C language to create custom payloads, although the RFID Research Groups states they will have example payloads available for download at some point in the future. Accessing the bootloader is done using a non-contact magnet, which grants access and allows you to upload your code.

The company is currently crowdfunding the USBNinja on Crowd Supply, and those interested can pledge $79 and up, which nets you your choice of cable, a magnetic ring, and phone app. $150 and up, gets you the added remote and charging cable.


RFID Research Group’s USBNinja Embeds BadUSB into the Cable Itself was originally published in Hackster Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Original article: RFID Research Group’s USBNinja Embeds BadUSB into the Cable Itself
Author: Cabe Atwell