Previously, we mentioned the risk incurred when using public terminals to recharge a smartphone. Indeed, malicious people can hide spying or malware injection devices in these charging devices. But you can also run a risk by connecting an innocuous-looking USB cable to your PC, since it may hide a chip capable of launching an attack against the computer, while being controlled remotely via Wifi.

From the outside, these cables look like a normal cable. But inside, in addition to the wires that are used for charging and data transfer, there is also a malicious device that is used to launch computer attacks. And recently, the Lumafield YouTube channel published a video showing, thanks to an X-ray scan, what is inside these rather special cables. As the video shows, there is no way to tell a normal USB cable from a spy cable from the outside. On the other hand, when we use X-rays, we discover the existence of a miniaturized microcontroller and antenna which make it possible to launch attacks remotely.

The product that was scanned by Lumafield is an O.MG cable. And if it was created to simulate attacks within companies (but not to carry out real attacks), the capabilities put forward by its creator are terrifying. Indeed, these compromised cables can, for example, inject keyboard inputs or mouse actions, to carry out the attacks. They can also serve as keyloggers, to collect all keyboard keys entered by the user (which allows confidential information or passwords to be stolen).

Undetectable cables, or almost

The O.MG cable is deactivated when sold, to comply with “regulations”. To use it, researchers must use a utility provided by its manufacturer. This was primarily designed to attack PCs. But there is also a USB-C to USB-C version which allows you to attack mobiles. When the cable is disabled, it behaves like a normal USB 2.0 cable. But actions can then be programmed via Wifi, or based on geolocation. It is also possible to program the self-destruction of the device.

Alternatively, cable developer O.MG has also developed a malicious cable detector. This accessory is shown in the video below (5:40). In any case, this presentation of O.MG products should remind you that you can suffer a computer attack, just because you have connected a USB cable to your PC or your smartphone.

  • Beware of USB cables, these may contain a hacking device that can steal data or launch attacks
  • An X-ray scan shows how a microcontroller and antenna to carry out these attacks can be hidden inside an innocuous-looking USB cable
  • This type of cable can target PCs, as well as smartphones
Shares:

Leave a Reply

Your email address will not be published. Required fields are marked *