in

7 hacking tools that look harmless but can do real damage

Adrian Kingsley-Hughes/ZDNET

One of the best ways to stay safe and secure when using your computers and other electronic devices is to be aware of the risks. For the past decade, that’s precisely what I’ve been doing.

Most risks are obvious: use strong passwords, don’t download and install software from untrustworthy websites, or hand your unlocked device to a third party.

Also: The best security keys you can buy

However, there are less obvious — yet equally dangerous — risks that can result in device or network intrusion, or even device destruction.

<!–>

The tools that execute these actions can appear perfectly innocent and can even resemble toys. But the fact that they can blend in as ordinary pieces of technology makes these hacking tools especially dangerous.

Here are seven bits of kit that look like ordinary tech gadgets, but that are actually powerful hacking tools.

Note that none of these tools are sold specifically as hacking tools. Instead, they have been designed for security experts and penetration testers to examine the security of companies. But that doesn’t stop them – or similar tools – from being misused.

1. Flipper Zero

–> <!–>

Limited edition transparent Flipper Zero.

Adrian Kingsley-Hughes/ZDNET

The Flipper Zero looks like a kid’s toy, all plastic and brightly colored (just like Tamagotchis–>, those digital pets that would die or turn evil if you neglected them). 

Also: 7 cool and useful things to do with your Flipper Zero

But beneath the fun exterior and the dolphin virtual pet is a pen-testing Swiss army knife, capable of all sorts of things, thanks to the built-in infrared transceiver, sub-GHz wireless antenna, iButton/NFC/RFID reader/writer/emulator, and GPIO connectors, which allow the Flipper Zero to connect to other gadgets. There’s also a USB port that can be connected to computers and smartphones. 

This broad capability means the Flipper Zero can be used to control items that have an infrared remote control, to clone RFID cards and NFC tags, to capture and retransmit radio frequencies that control things, such as access barriers and even car locks, and to be connected to computers or iPhone and Android devices, which can be used to send keystrokes to the system to do… well, pretty much anything you can do from a keyboard.

AlsoHow to unlock the Flipper Zero hacking tool’s true power

And that’s just the tip of the iceberg. For $169, the Flipper Zero<!–> is an extremely capable tool.

2. O.MG cables

–> <!–>

O.MG cables and dongles can be used to attack unsuspecting devices.

Adrian Kingsley-Hughes/ZDNET

They look like regular charging cables, but built into the connector at one end of the O.MG cable–> is a tiny computer, which remains dormant until the cable is connected to a device such as a PC or Mac, or even an iPhone or Android smartphone. Then, when it’s connected, the computer wakes up and gets to work.

The computer at the end of an O.MG cable acts like a tiny keyboard, pumping out keystrokes to the device it’s connected to.

This hidden keyboard can do pretty much whatever an operator at a keyboard can do. It can steal Wi-Fi passwords, copy files and move them to remote locations, delete files, plant spyware or malware, and much more.

Also: The best VPN services (and how to choose the right one for you)

The capabilities of these cables are terrifying. The elite version can connect to Wi-Fi, be programmed to trigger remotely, and can even self-destruct, so the O.MG cable becomes a regular cable, which makes it hard to identify the technology as the source of a hack. 

Believe me when I say these cables look, feel, and work just like regular cables. They come in a selection of colors and connection types and blend in with your other cables.

Prices for an O.MG cable ranges from $119 to $200<!–>, so they are not cheap – and you definitely don’t want to get these cables mixed up with your regular ones.

3. USBKill

–> <!–>

USBKill kit.

Adrian Kingsley-Hughes/ZDNET

USBKill–> devices are little dongles that look like USB flash drives, but instead of storing data, they send circuit-busting electrical charges into the devices they are plugged into.

Laptops, PCs, smartphones, and even TVs, network routers, and pretty much anything that’s got a port on it are susceptible to being zapped by USBKill. 

Also: 6 simple cybersecurity rules to live by 

The devices can be triggered by pressing a button, using bluetooth, running a timed attack, or even by passing your hand over the device when wearing a covert magnetic ring.

These devices provide yet another reason to avoid plugging random stuff into your devices. 

4. USB Nugget

<!–>

Retia/ZDNET

This is a simple and cheap, but very effective device.

Inside its tiny shell, the USB Nugget – which looks like a kitty – has everything needed to drop malicious payloads to pretty much whatever the device finds itself connected to.

Also: 3 security gadgets I never leave home without

Thanks to a built-in ESP32–S2 Wi-Fi chipset, this device can be controlled remotely, so that the hacker doesn’t even have to be anywhere near the system.

5. Wi-Fi Pineapple

–> <!–>

The futuristic-looking Wi-Fi Pineapple.

Hak5/ZDNET

The Wi-Fi Pineapple–> might look like a futuristic router, but it’s actually a sophisticated platform for carrying out wireless network attacks.

Using the Wi-Fi Pineapple, you can create rogue access points with the intention of stealing people’s login credentials and carry out advanced man-in-the-middle attacks. 

Also: 9 top mobile security threats and how you can avoid them

The Pineapple can also be used to monitor the collection of data from all devices in its close vicinity, and users can save and go back to this data at a future date.

The Pineapple can also be used to capture Wi-Fi handshakes, and this information can then be used to crack Wi-Fi access passwords. In short, the Pineapple is an incredibly powerful tool.

6. USB Rubber Ducky

–>

Hak5/ZDNET

A computer will trust a keyboard that’s plugged into it because, well, humans use keyboards. So, one easy way to attack a system is to get a device to pretend to be a keyboard and have it act like there’s a human typing.

Also: Cybersecurity 101: Everything on how to protect your privacy and stay safe online

If you’ve ever watched the TV show Mrs Robot, then you will have seen a Rubber Duck attack. While we’ve already looked at devices that can send keystrokes to a device, this tool is a dedicated Rubber Ducky device<!–>

While the tool looks like a regular flash drive, the Rubber Ducky can be programmed to “type” commands into any device it’s plugged into.

The tool is yet another reason why you shouldn’t just plug random stuff into your electronics. However, the Rubber Ducky is so discreet that someone might plug it into a device, leave it connected, and it might be days, weeks or even months before it’s found.   

7. LAN Turtle

–> <!–>

LAN Turtle has some surprises inside.

Hak5/ZDNET

On the outside the LAN Turtle–> looks like a generic USB ethernet adapter, but on the inside is a tool that provides the hacker with a number of ways to watch and then gain access to a network.

With a built-in microSD card holder, the LAN Turtle is a perfect tool for gathering up interesting data that’s travelling across a network.

Also: How to find and remove spyware from your phone

The LAN Turtle can scan a network, undertake DNS spoofing, and it can even be set to send alerts when specific forms of network traffic are seen.

The Turtle is yet another one of those hacking tools that looks innocent and could remain undetected for a long period of time.

Bonus: O.MG Unblocker

–>

Adrian Kingsley-Hughes/ZDNET