News O.MG USB-C cable CT scan reveals sinister active electronics — contains a hidden antenna and another die embedded in the microcontroller

Status
Not open for further replies.
When I worked as a network admin for Deutsche Telekom and Lufthansa this was a main concern for the American military, which used these companies' services in Germany. On bases the U.S. military would only allow telecommunications hardware built 100% in Germany. No boards with chips that might be made in China. Also, all Deutsche Telekom technicians servicing DSL or fiberglass systems on base had to be vetted.
 
But this was a one-off cable built by a security researcher and nothing in the article even mentions it being functional?
I think the point of the article is rather subtle. This cable is clearly designed and advertised to be an attack vector (the article mentions features like "keystroke injection, mouse injection, geo-fencing, keylogging, and more"). However, they also give the example of Apple's cable having a microchip and I think their point is that a second chip can be concealed underneath a first.

IMO, this shows a big problem with relying on USB for power & charging. There should be "USB condoms" that disable all features besides power delivery, in case you need to take a charge from an unfamiliar USB source or cable. They should work just like a surge protector (which is also something they could do), by being a little hardware dongle that you connect through.
 
I think the point of the article is rather subtle. This cable is clearly designed and advertised to be an attack vector (the article mentions features like "keystroke injection, mouse injection, geo-fencing, keylogging, and more"). However, they also give the example of Apple's cable having a microchip and I think their point is that a second chip can be concealed underneath a first.

IMO, this shows a big problem with relying on USB for power & charging. There should be "USB condoms" that disable all features besides power delivery, in case you need to take a charge from an unfamiliar USB source or cable.

I erased my original post because I did not realize this was a purchasable product.

The headline implies that the cable was not suspect prior to the scan by calling it a USB cable and then following up with the sinister electronics label. In fact, they deliberately purchased a hacker's tool and took a really cool scan of it. They were not surprised to find more than a standard USB cable.
 
Did I misread that the cable in question costs $119? If that's true, could this be a feature of the cable at that price vs malicious act?
It's stated several times that this is a cable specifically designed for penetration testing by a security researcher. So, yes, it's a feature.

The point of the article, and the company that scanned the cable, is that these kinds of electronics can be surreptitiously built into cables for malicious purposes as well, and that a regular X-ray scan was not even able to detect the secondary IC. That makes them a potential threat in espionage and terrorist actions.

It's also one of the reasons why, at least when I was still working, computers in secure military and intelligence installations, as well as various corporate machines with access to restricted data, all had all their accessible USB ports physically disabled, and their IO devices permanently attached.

Securing against these sorts of threats has definitely become a lot harder over the past decade+, though.
 
Am I missing something here? Why would a USB cable need any chips in it? Isn't the cable supposed to carry electrical signals from point A to point B?
Different USB ports and power sources can supply different voltages and have different max amperages - these are supposed to be negotiated between the devices, but, if one of the two is out of spec, you can end up with a fried device. So at least one of the reasons is, or at least used to be, to have the cable have limited smarts inside to prevent that from happening.

I'm not sure what exactly Apple's new cables have in them, but Apple loves to over-engineer these kinds of things, so it could be anything. Back when the first iPhone came out (and with the iPods before that as well, I believe), all charging/data cables had to be licensed by Apple, so they would let the manufacturers put some sort of identifier into them, without which the phone/iPod would not let the cable be used.
 
There are measures one can take:

PortaPow USB-C Data Blocker (Twin Pack) https://a.co/d/1gxE0Tm

But if the die & antenna are capable of wireless connection, then these "USB digital condoms" are only so helpful.
These things generally work by physically blocking all but the connections actually required for charging, so there would be no physical data connection between the computer/device and the cable, thereby protecting you from it.

The antenna and its IC are in the cable so that the malicious actor can use the cable as, essentially, an illicit wireless dongle that can hijack mouse/keyboard functions, act as a remote keylogger, etc. They are there so the attacker can control the cable's actions from a distance, not to access the target machine itself. Without the data lines of the cable being physically connected, it can't access the device.
 
Am I missing something here? Why would a USB cable need any chips in it? Isn't the cable supposed to carry electrical signals from point A to point B?
USB C power delivery requires cables to be electronically marked to support higher power levels. There are also active cables, which feature built-in signal boosters/repeaters. So there are some legitimate reasons for USB cables to have chips embedded in them.
 
There should be "USB condoms" that disable all features besides power delivery, in case you need to take a charge from an unfamiliar USB source or cable. They should work just like a surge protector (which is also something they could do), by being a little hardware dongle that you connect through.
Right, but such a USB condom would require a micro-controller to interface with the device to detect its Power Delivery capabilities (5V? 10V? 20V?) and then negotiate with the PD in the charger to come to a mutually agreeable charging rate.

Since this 'condom' device has to have the microcontrollers to do that negotiation on behalf of both ends, that means it'd be a complex-enough device to also have hidden chips and replicate the functionality of the 'hacker' USB-cable in the condom, it'd be a 'hacker' condom. Any intermediary device inserted into the chain that has enough smarts to do Power Delivery negotiation will be complex enough to hide these reported hacking capabilities in it. The only way within such an intermediary device to solve this would be a fixed capability device that can't do Power Delivery negotiation and thus falls back to a hard-coded non-PD charging voltage of 5V - and this assumes that both ends of the connection are prepared to charge with no PD communication/verification of capabilities and are happy to fall back to the USB3 5V specification.

The only way this could be done realistically is if it's a capability built into the device itself, a hard-switch of some sort that forces the port on the appliance being charged (phone, laptop, computer, whatever) to work in a charge-only mode, and then it'd only work if the manufacturer of the device was trusted and certified - and legally warrantied/guaranteed - such capability.
 
Did I misread that the cable in question costs $119? If that's true, could this be a feature of the cable at that price vs malicious act?
All these comments and not a single person went to the website where you can purchase this cable.

This cable is sold to companies so they can do tests.

The following is taken directly from the website

"The O.MG Cable is a hand made USB cable with an advanced implant hidden inside. It is designed to allow your Red Team to emulate attack scenarios of sophisticated adversaries. Until now, a cable like this would cost $20,000 (ex: NSA's COTTONMOUTH-I). These cables will allow you to test new detection opportunities for your defense teams. They are also extremely impactful tools for teaching and training."


It's for teaching, and it's not being used for anything else.
 
It's stated several times that this is a cable specifically designed for penetration testing by a security researcher. So, yes, it's a feature.

The point of the article, and the company that scanned the cable, is that these kinds of electronics can be surreptitiously built into cables for malicious purposes as well, and that a regular X-ray scan was not even able to detect the secondary IC. That makes them a potential threat in espionage and terrorist actions.

It's also one of the reasons why, at least when I was still working, computers in secure military and intelligence installations, as well as various corporate machines with access to restricted data, all had all their accessible USB ports physically disabled, and their IO devices permanently attached.

Securing against these sorts of threats has definitely become a lot harder over the past decade+, though.
At least you were able to understand why this cable even exists.
 
The real issue here is that this shouldn't matter. Why is a USB charging or data transfer cable allowed to key log or enter mouse/keystrokes? I've been thinking of this since the early days of the Internet when visiting a webpage meant a picture would load and carry OS altering software. How poorly designed are our systems that this can happen? If I'm plugging in a mouse, then maybe the system allows mouse movement, but a charging cable used in a public place should not be allowed by the system to do anything but charge. Certainly this topic is worth noting for things like transmitting data sent through a data cable, but surely most of these issues are starting at the home device we're supposed to believe are protected. As one college professor once said to our class, "If a person can make it, another person can break it."
 
Right, but such a USB condom would require a micro-controller to interface with the device to detect its Power Delivery capabilities (5V? 10V? 20V?) and then negotiate with the PD in the charger to come to a mutually agreeable charging rate.

Since this 'condom' device has to have the microcontrollers to do that negotiation on behalf of both ends, that means it'd be a complex-enough device to also have hidden chips and replicate the functionality of the 'hacker' USB-cable in the condom, it'd be a 'hacker' condom. Any intermediary device inserted into the chain that has enough smarts to do Power Delivery negotiation will be complex enough to hide these reported hacking capabilities in it. The only way within such an intermediary device to solve this would be a fixed capability device that can't do Power Delivery negotiation and thus falls back to a hard-coded non-PD charging voltage of 5V - and this assumes that both ends of the connection are prepared to charge with no PD communication/verification of capabilities and are happy to fall back to the USB3 5V specification.

The only way this could be done realistically is if it's a capability built into the device itself, a hard-switch of some sort that forces the port on the appliance being charged (phone, laptop, computer, whatever) to work in a charge-only mode, and then it'd only work if the manufacturer of the device was trusted and certified - and legally warrantied/guaranteed - such capability.
Realistically the OS should be advising if something is requesting to do something. If my charging cable is trying to access data or perform inputs, there's zero reason the OS of my device shouldn't already be asking me if that's what I expected.
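
The OS-side visibility this reply asks for can be approximated on Linux by auditing which attached USB devices declare a HID (keyboard or mouse) interface. This is an added example, not part of the original thread; it assumes the Linux sysfs layout under /sys/bus/usb/devices, and the directory tree and vendor/product IDs it builds are constructed sample data.

```python
import os
import tempfile

HID_CLASS = "03"  # USB base class code for Human Interface Devices
BOOT_PROTOCOLS = {"01": "keyboard", "02": "mouse"}  # HID boot-interface protocol codes

def _read(*parts):
    """Read one sysfs attribute; a missing attribute reads as an empty string."""
    try:
        with open(os.path.join(*parts)) as fh:
            return fh.read().strip().lower()
    except OSError:
        return ""

def find_hid_devices(root="/sys/bus/usb/devices"):
    """Map each USB device under `root` to the HID roles its interfaces declare."""
    found = {}
    for entry in sorted(os.listdir(root)):
        if ":" not in entry:  # "1-2" is a device, "1-2:1.0" is one of its interfaces
            continue
        if _read(root, entry, "bInterfaceClass") != HID_CLASS:
            continue
        dev = entry.split(":", 1)[0]
        ids = (_read(root, dev, "idVendor"), _read(root, dev, "idProduct"))
        rec = found.setdefault(dev, {"id": ids, "roles": []})
        proto = _read(root, entry, "bInterfaceProtocol")
        rec["roles"].append(BOOT_PROTOCOLS.get(proto, "other-hid"))
    return found

def unexpected_hid(found, allowlist):
    """Return devices whose (vendor, product) pair is not a known input device."""
    return sorted(dev for dev, rec in found.items() if rec["id"] not in allowlist)

def constructed_tree():
    """Build a constructed sysfs-style tree: a storage stick and a keyboard-declaring device."""
    root = tempfile.mkdtemp()
    files = {"1-1/idVendor": "aaaa", "1-1/idProduct": "0001",  # mass storage only
             "1-1:1.0/bInterfaceClass": "08",
             "1-2/idVendor": "bbbb", "1-2/idProduct": "0002",  # declares a keyboard
             "1-2:1.0/bInterfaceClass": "03", "1-2:1.0/bInterfaceProtocol": "01"}
    for rel, value in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(value + "\n")
    return root

if __name__ == "__main__":
    print(unexpected_hid(find_hid_devices(constructed_tree()), allowlist=set()))
```

Vendor and product IDs are reported by the device itself, so the allowlist narrows what needs a second look rather than proving a device is benign.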
 
A "normal" USB cable does not do that.

This one is not "normal". But, mostly undetectable unless you X-ray it.
Except the OS is supposed to have security measures. Advising that something connected is doing something it shouldn't is security 101. This is a core developer failure. The exception may be that data transmitted over a data cable is then transmitted, as that's the weak point. No charging cable should have permission to operate the main device.
 
Except the OS is supposed to have security measures. Advising that something connected is doing something it shouldn't is security 101. This is a core developer failure. The exception may be that data transmitted over a data cable is then transmitted, as that's the weak point. No charging cable should have permission to operate the main device.
But that's the point. It's not "just a charging cable".

To the human, visually it looks like one. Innocent to plug in.
But it isn't.

And if the OS were as locked down as you surmise, we wouldn't have viruses either.
 
Different USB ports and power sources can supply different voltages and have different max amperages - these are supposed to be negotiated between the devices, but, if one of the two is out of spec, you can end up with a fried device. So at least one of the reasons is, or at least used to be, to have the cable have limited smarts inside to prevent that from happening.

I'm not sure what exactly Apple's new cables have in them, but Apple loves to over-engineer these kinds of things, so it could be anything. Back when the first iPhone came out (and with the iPods before that as well, I believe), all charging/data cables had to be licensed by Apple, so they would let the manufacturers put some sort of identifier into them, without which the phone/iPod would not let the cable be used.
When I plug my Lumia 950 into the PC via any USB-C cable, it charges. If I unlock the phone, it asks if I want to connect for data transfer, if I say no it charges.
Don't 1phones and droids do that? Honest question.

Even so, I'd never plug my phone into a public charger.

I did read somewhere there is an "unfixable" flaw in the USB protocol, not sure of the details.
 
I think the point of the article is rather subtle. This cable is clearly designed and advertised to be an attack vector (the article mentions features like "keystroke injection, mouse injection, geo-fencing, keylogging, and more"). However, they also give the example of Apple's cable having a microchip and I think their point is that a second chip can be concealed underneath a first.

IMO, this shows a big problem with relying on USB for power & charging. There should be "USB condoms" that disable all features besides power delivery, in case you need to take a charge from an unfamiliar USB source or cable. They should work just like a surge protector (which is also something they could do), by being a little hardware dongle that you connect through.
Actually the maker of the OMG line of cables also bundles in a dongle that allows you to scan unknown cables for nasty hardware as well as the dongle condom mentioned in another reply. The OMG cable works, is a brilliant piece of hardware, and responsibly manufactured with the goal of educating the public that such capabilities can be easily hidden in a normal looking form factor and to trust nothing.
 
"electronic components secreted within the connector" - so they were produced and discharged by an organ?

Secrete \Se*crete"\, v. t. [imp. & p. p. Secreted; p. pr. & vb. n. Secreting.] [L. secretus separated, secret, hidden, p. p. of secernere. See Secret, and cf. Discrete, Discreet.]
  1. To deposit in a place of hiding; to hide; to conceal; as, to secrete stolen goods; to secrete one's self. [1913 Webster]
  2. (Physiol.) To separate from the blood and elaborate by the process of secretion; to elaborate and emit as a secretion. See Secretion. [1913 Webster]
Why one set of cells should secrete bile, another urea, and so on, we do not know. --Carpenter. [1913 Webster]

Syn: To conceal; hide. See Conceal. [1913 Webster]
Source: http://dict.org/bin/Dict?Form=Dict2&Database=*&Query=secreted

See definition #1.

Learn English.
Maybe fact-check yourself before correcting someone else.
 