As businesses around the world have grown more reliant on technology, the understanding and knowledge of security risks around it has grown – but in today’s society with so much connectivity and digital communication, companies remain far from completely secure. It is a common misconception that the greatest security risks of IT equipment reside in software and the user error of it; whereas growing concern is escalating around the risks of hardware and its use.
The Risks of Unauthorized Charging Cables
While most businesses provide hardware for their staff to use in digital roles, this is often limited to a single computer or laptop device, a smartphone and charger, any necessary screens and/or additional storage facilities. There is usually little to no control over items being plugged into such devices through USB or charging cables – and yet one of the most common escalating security issues comes with unauthorized charging cables.
Created back in 2019 by a developer for Verizon Media, O.MG Cables are lightning charging cables capable of hacking and downloading data from the device to within which they are plugged. Intended for the usage by IT security professionals to help safeguard against vulnerabilities, the technology has been rapidly adopted and adapted – and supplied onward to manufacturers for as little as $100.
As such, this hacking tech has been widespread and is now commonly sold to unsuspecting victims as cheap charging cables. If the employee of a business attaches such a cable to their work phone or device, all of the information can be easily downloaded and sent on to a third-party; usually entirely without the employee or business being aware of such a data breach.
How do hacking cables work?
Hacking cables of this type are modified lightning cables that look just as you’d expect a standard charging cable to. However, the USB connector within has a wireless transmitter fitted within. This transmitter allows a third-party user to connect to the cable and download data from the device to which its connected. Once it has been physically plugged into a device, the wireless transmitter notifies the third-party and from a dashboard installed on their own device they’re able to gain access.
In many, but not all cases, the transmitter facilitates both download and upload – so a third-party could not just access data from the device, but also install their own data on it, such as viruses or malware. Many cables are pre-installed with programs to destroy any sign of their presence once sufficient information has been downloaded.
What’s the risk of hacking cables?
Of course, this is a huge security risk and could result in vast legal, reputational, financial and security consequences. Any unencrypted data stored on any device into which a hacking cable is plugged (inadvertently or otherwise) is at risk of data breach and having other software installed on to it.
While exact figures aren’t available, it’s estimated that around 74% of companies in the US have over 1,000 files sitting stagnant on devices; many of which may contain sensitive information. These files being left unprotected leaves them at risk of download.
In truth, it can be difficult to prohibit staff bringing in their own cables and plugging them into devices – especially if there is no facility for them to purchase them cheaply through a designated professional channel. However, businesses should consider the cost of just one such cable being plugged into their network. Just how much money, time and hassle would the downloading of unprotected data cause? The accumulated cost could easily stretch to millions of dollars.
Other Risks of Unauthorized Hardware
Hacking cables are just one type of unauthorized hardware that can spell disaster for a business. There are a myriad of other hardware risks, including:
- Counterfeit hardware
- Modified refurbished hardware
- Malicious USB devices
- Network connections from unauthorized/unapproved devices
- Hardware trojans
- Lost and stolen hardware
- Incorrect or insufficient ITAD processing.
The damage caused by such hardware being connected to a business network can include, but is by no means limited to:
- Malware and ransomware
- Data breach and leakage
- Insider threats
- Compromised server availability
- Compromised end user experience
- Denial of Service (DoS)
- Device management issues.
Businesses may face vast security, legal, financial and reputational implications as a result of unauthorized hardware usage – be it intentional or not.
Avoiding Unauthorized Hardware Usage
It is critical that businesses aim to avoid the usage of any hardware which has not been properly authorized, audited and configured by its own IT protocol standards.
In choosing hardware for a business, the following factors must be kept in mind:
- Compatibility with existing hardware
- Current and future hardware needs
- Security concerns
- The company’s long-term IT strategy
- The tasks needed to be automated
- Basic requirements
- Business-specific requirements
- Portable devices for remote/travelling workers
- Hardware life expectancy
- ITAD processes for when hardware reaches its EOL.
Ideally, a business should have a set portfolio of devices from which hardware can be chosen to meet the needs of an individual or department’s role and responsibilities. All will be configured similarly and all compatible with one another for the benefit of continuity throughout the business. This should include any hardware accessories as well as primary devices.
Working with Procurri to secure Authorized Hardware and a Secure Hardware Strategy
Procurri are industry leaders in hardware supply with the channel’s biggest inventory of OEM authorized spares and parts globally. We stock even the most niche and rare of configurations, including discontinued hardware.
Authorized Hardware Supply
As we ship hardware worldwide on a daily basis between thousands of companies to help them meet their ongoing tech needs without causing disruption to their end users and/or customers, we know how to best manage hardware no matter how large or widespread your company presence may be. This includes:
- Asset tracking
- UAM (Unified Access Management)
- Network segmentation
- Physical security measures
- The provision of internal security training
- Security audits
- Ongoing Third Party Maintenance with proactive support to detect when issues occur before they escalate
- Performance monitoring.
While we do offer refurbished and recycled hardware, everything is vigorously tested to ensure the utmost in security compliance before it is sold or installed. Most of our hardware on offer, however, is purchased directly from OEMs; intended for deployment as spare parts or to top up existing configurations.
Aside from the supply of hardware, Procurri also runs an Asset Reclaim Program for companies with remote or geographically-spread workers. This box program recovers IT assets when a traditional onsite pickup is not practical, tracking and managing them to ensure no loss of hardware or data. This proves a streamlined and comprehensive hardware management tactic where businesses may otherwise struggle to maintain visibility across locations.
Secure ITAD
Another security risk to businesses in processing hardware often occurs when old, un-needed or no longer functional hardware is disposed of through ITAD (IT Asset Disposition). ITAD can be cheaply outsourced but to do so without due care or attention often results in data breach and loss as unauthorized access is gained to data-bearing equipment. Notable security breaches from poor ITAD practices include:
- Equifax (2017) – when a server belonging to Equifax was disposed of, it included data that could be accessed even when encrypted due to a vulnerability in some software. The data breach affected over 140 million people’s sensitive information
- Yahoo (2013/2014) – with weak password management protocols in place, Yahoo’s data blunder affected billions of their user accounts who used simple or easily-guessed words to protect their own information
- MOVEit (2023) – when allowing a third party to access their hardware, security protocols were not robust enough and information on over 2,000 organizations was leaked.
Procurri offers a zero-to-landfill ITAD service – recycling and refurbishing hardware wherever possible. This approach means that we prioritize data sanitization, working within accreditation including WEEE, R2, and e-Stewards Standards; taking a bespoke approach to every item to ensure entire data destruction. With such a comprehensive process in place, the opportunity for businesses to make money back from their no-longer-needed hardware through refurbishment, remarketing and resale is amplified – often providing an unexpected income stream!
For more information on Procurri’s authorized hardware supply, hardware Asset Reclaim Program and ITAD provisions, get in touch with our expert team today and learn more on how we can tailor our services to meet your business’ needs and idiosyncrasies.