I knew about these, but always thought I could spot them.
I wouldn’t!!!
Impressive and spooky.
This is pretty much the reason I exclusively use dollar store cables and/or dedicated chargers. Saw a yt video about these things at an airport. The more I learn about tech, the more it makes me wanna uncle Ted the fuck out.
I am not terribly worried about USB/thunderbolt attacks since Android requires authentication before it does anything.
Anyone can do this.
I’ve been using wireless chargers for years. I find it “more secure” in the sense that my phone’s port is full of gunk and if I want to wake up with full batteries I can count on wireless a lot more.
I like wireless and magnetic mainly because fucking up the cable is like the most common thing I might do to a device. not saying I do it all the time but its the most likley break to happen.
You can see a CT scan of one of these
https://www.techspot.com/news/105863-usb-c-cable-can-hide-lot-malicious-hardware.html
damn i though they would use the type A connector because it’s bigger but it can be fit even into usb C
You can now buy one for yourself online. https://shop.hak5.org/products/omg-cable
Crazy that the USB-A housing is big enough for that. Makes me want to avoid anything that’s not C to C.
Edit: someone pointed out there’s an option for C to C 💀
C-to-C is even worse because Usb-C requires a chip in the connector, and you never know what that chip is capable of. Usb-A would only have a chip in it if it’s been tampered with.
Yeah I was hoping the smaller form factor would make it difficult to fit in extra malicious hardware.
This was the smallest Bluetooth chip back in 2017. I can’t even imagine what else they can fit into the form factor of a USB-C plug nowadays.
Released last year, TI MSPM0C1104
The MSPM0C1104 is a 24 MHz Arm Cortex-M0+ based device with up to 16 KB of flash and 1 KB of SRAM. It has a 12-bit ADC with three channels, six GPIO pins, and typical communication interfaces like UART, SPI, and I²C. It is an ultra-low-power 32-bit MCU well suited for compact battery-powered designs.
There’s a USB-C option for the active end.
That is amazing. The x-ray of it is kind of scary, honestly. That little chip could be all it would take to get into an air-gapped machine.
There are a ton of different payloads that can be run on these, for everything from simple keylogging, to root access, to network backdoors. I’ve only recently gotten into pentesting but with something like this there’s no real limit to the damage that could be done with only a few seconds of physical access.
Honestly, as a Systems/DevOps engineer it’s always been well know that if you have physical access, you have zero chance of security. Sure it might take more time if precautions were followed, but you will be owned eventually, that’s guaranteed.
This is one of our most frustrating fights I have with our security design reviewers. Effectively functionless mitigations that create extra obstacles for our service reps to deal with during troubleshooting. One example is our equipment is installed in access restricted areas, in a locked rack. We don’t need to disable unused Ethernet ports on our networking equipment that exists in a locked cabinet and it will take away our ability to repatch equipment to a different switch in the system to assist in troubleshooting.
Let me guess, they do allow ai traffic from everyone and their mum for the sake of uhh… innovation?
That is gnarly!
Not just the US government, anyone has been able to do this for years
You might be interested in the full Snowden leak
Yeah, it’s scary how much people don’t remember/don’t know
And don’t care.
USB condom!
Fast charging won’t work without a proper connection
Pro Tip: Leave a unique mark somewhere on the cable so if someone switches it, you can tell it apart. Always check for the mark before you use the cable, every time.
(Yes I actually do this, I’m paranoid)
If you’re really paranoid you should buy all your stuff in a brick and mortar store. You’d have to be high up on a list for it to even be worth someone’s time, but intercepting a package and swapping the contents is pretty easy to do, typical Tuesday multi-agency gun ring bust for some postal inspectors
My older brother is abusive, and I need precautions to be safe.
That’s my threat model.
I actually would rather run a phone with stock OS with verified boot, rather than LineageOS but with bootloader unlocked. Evil Maid from someone you know wanting fuck around with you is more scary to me than government tbh
(I don’t have a pixel for graphene)
Edit: Also these cables cost like $200 online from HAK5. My brother definitely can pull some shit if he tried. He’s in Computer Science in college.
Is it not possible to lock the bootloader again with LineageOS?
Only with a few rare phones… most phones just gets bricked if you attempt to lock it under a custom os because they don’t support custom keys.
Pixel supports it, but I don’t have a pixel. (If I did I would just use Graphene lol)
New is expensive
and I really distrust the used market… feels very sketchy and it could have hidden damage that doesn’t manifest itself until the return window is already passed (if they even allow a return at all), also I have a paranoia about getting an IMEI that a criminal have used and then cops come knocking thinking its ME doing the illegal activity (cuz you know they do the “oops wrong address” thing often and they’ve shot people to death over it )
We found out 15 years ago the hardware is probably older
USB condoms for charging exist for a reason.
Would limit higher power charging
That’s the tradeoff yes
https://darknetdiaries.com/episode/161/
There’s a darknet episode about these cables
