Friday, June 21, 2024

Malicious HDMI Cables Steals Photos, Videos, and Location Data

John Bumstead, who works for a company called 404Media that fixes and sells used electronics, found an iPhone-to-HDMI adapter that seemed normal at first. However, the app that came with it was tricky because it asked users to scan a QR code.

This code leads to an ad-filled website, prompting downloads of an invasive app that requests various permissions, collects data, and sends it to China.

Bumstead tweeted about a spy-themed lightning cable, and unlike the HDMI adapter, this cable is a knockoff but resembles Apple’s design.

MG, the researcher behind the malicious Lightning cables, included the risky adapter, anticipating users installing questionable apps.

Malicious activity
Malicious activity (Source – 404Media)

Technical analysis

The researcher used an old iPhone to connect the cord, which displayed a QR code and “LIVE TV” branding. Scanning it led to EZ Cast’s website, boasting over 10M users worldwide.

Check Point previously analyzed an insecure EZCast device, which could be easily brute-forced due to a weak 8-digit password. The company contacted EZCast in 2016 but received no response, indicating a lack of security considerations. 

The website displayed ads for a streaming service called ‘FANJESTIC,’ known for difficult cancellations, unrelated to the EZ Cast app obtained via the QR code.

The app requested location access and Privacy Policy acceptance from Actions Microelectronics Co., Ltd., outlining the collection of the following data:-

  • Email address
  • Use tracking cookies take location
  • Track favorite videos
  • Track videos watched
  • Track bookmarks
  • Track location Data
  • Track Sensor Data
  • Tracking Cookies Data
  • Installed Apps Data

The data collection aimed at targeted ads and required access to the Local Network, photos, settings, Bluetooth, and camera.

While fascinated by unusual cables and gadgets, the adapter’s significance is tied to the FTC’s Amazon lawsuit which highlighted the site navigation issues and spammy ads.

Malicious cords
Malicious cords (Source – 404Media)

Recyclers often acquire Amazon returns, including cables Bumstead collects from them. While not entirely certain it all comes from Amazon, recyclers have indicated so, as Amazon disposes of unsold FBA inventory.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
Tushar Subhra Dutta
Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles