Jul 10, 2014
When I was in DC a couple of weeks ago, I noticed that the lamps in my hotel room had USB ports in them, presumably for plugging in smart devices to recharge in the event that the traveler did not bring a power strip. Most hotels aren't known for offering a surplus of power outlets.
Seeing as how I was back in Washington, DC, called by some "The City of Spies", I couldn't help but wonder how such a thing could be used offensively. Let's say I wanted to gig somebody's smartphone with some canned exploits and a malware package. After finding out what room they were staying in I'd wait until they were out and gain access to their room, and then head right for one of those lamps. I'm not the NSA - I don't have a fancy single chip microcomputer that I could solder inline with the USB jack - but I could get hold of a USB host peripheral for a common microcontroller development platform, some storage for my smartphone pwning payload, and build an injector using a readily available development library. The injector is pretty small, maybe a third the size of my phone, and should fit nicely in the base of that lamp instead of the USB charger. There is more room inside them than it would appear from the outside. With more development time I could probably get it down to the size of a cigarette lighter, which would leave plenty of room to spare in the base of that lamp. I could probably use the power supply for the USB charger to run my little beastie and supply power to a connected device to boot. Then I'd sit back in the hotel bar a few floors down and let the good times roll.
For the record, I didn't really do this. I opened up the base of the lamp to see if somebody else did (they didn't) because that's how I roll. I might build such a thing one day to see if I could do it, but I wouldn't actually use it on anyone. Instead, I'd see if I could get it accepted as a proof-of-concept at a conference like HOPE or DefCon.