Industrial CT scanner manufacturer Lumafield imaged an O.MG USB-C cable revealing sophisticated electronic components secreted within the connector.
The headline is clickbait I think. The whole point of the O.MG cable is to hide electronics in the connector. It’s advertised as a hacking tool. The analysis of what can be seen in there may be interesting, but it’s not like this is secret knowledge.
The intended use for this kind of product is that you hire a company to break into your company, and then tell you how they did it so that criminals (or, if you’re someone like a defence contractor, foreign spies) can’t do the same thing later. Sometimes they’re also used by journalists to prove that the government or a company isn’t taking necessary precautions or by hobbyists at events where everyone’s aware that everyone else will try to break into their stuff. There’s typically vetting of anyone buying non-hobbyist quantities of anything, and it’s all equipment within theoretical reach of organised crime or state actors, so pentesters need to have access, too, or they can’t reasonably assess the real-world threat that’s posed.
There are plenty of hacking devices on the market equal or worse than this. The truth is you want these devices available in the public so people are award of them and nerds can learn how to protect against them.
The malicious inclined wont care about legal availability and some tinkers will make them if not only for the technical challenge.
These sorts of tools and knowledge should be free and open, so people can test their own systems and learn how to defend against them. They aren’t inherently bad themselves. As with firearms, it’s all about what you do with it.
Hiding a potential exploit from the general public does them no good.
The headline is clickbait I think. The whole point of the O.MG cable is to hide electronics in the connector. It’s advertised as a hacking tool. The analysis of what can be seen in there may be interesting, but it’s not like this is secret knowledge.
https://shop.hak5.org/products/omg-cable
So the manufacturer isn’t spying on you, it just designed a product so someone else could hack you instead? That doesn’t make it sound any better.
The end result is the same: be careful what cables you plug into your device.
Sure, but this is clickbait at best. It’s not a revelation that this cable contains that hardware.
Yes, if someone used one of these against you, you could be in trouble. The company that makes it also makes a detector that can spot it:
https://shop.hak5.org/products/malicious-cable-detector-by-o-mg
Damn what a cat and mouse game
The intended use for this kind of product is that you hire a company to break into your company, and then tell you how they did it so that criminals (or, if you’re someone like a defence contractor, foreign spies) can’t do the same thing later. Sometimes they’re also used by journalists to prove that the government or a company isn’t taking necessary precautions or by hobbyists at events where everyone’s aware that everyone else will try to break into their stuff. There’s typically vetting of anyone buying non-hobbyist quantities of anything, and it’s all equipment within theoretical reach of organised crime or state actors, so pentesters need to have access, too, or they can’t reasonably assess the real-world threat that’s posed.
There are plenty of hacking devices on the market equal or worse than this. The truth is you want these devices available in the public so people are award of them and nerds can learn how to protect against them.
The malicious inclined wont care about legal availability and some tinkers will make them if not only for the technical challenge.
This is hak5. They make penetration testing Tools
Technically it’s O.MG; they work with and are sold through HAK 5, and license Ducky Script.
These sorts of tools and knowledge should be free and open, so people can test their own systems and learn how to defend against them. They aren’t inherently bad themselves. As with firearms, it’s all about what you do with it.
Hiding a potential exploit from the general public does them no good.
And has been available for years… Why this is news today is beyond me. I’m pretty sure I saw these cables on hak5’s site over 5 years ago.
Seriously cool piece of kit! I have no use for it whatsoever, but can’t help but wish I did.