this post was submitted on 05 Dec 2024
107 points (78.3% liked)

Technology

60085 readers
3156 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
top 24 comments
sorted by: hot top controversial new old
[–] floofloof@lemmy.ca 196 points 3 weeks ago* (last edited 3 weeks ago) (3 children)

Industrial CT scanner manufacturer Lumafield imaged an O.MG USB-C cable revealing sophisticated electronic components secreted within the connector.

The headline is clickbait I think. The whole point of the O.MG cable is to hide electronics in the connector. It's advertised as a hacking tool. The analysis of what can be seen in there may be interesting, but it's not like this is secret knowledge.

https://shop.hak5.org/products/omg-cable

[–] OutlierBlue@lemmy.ca 18 points 3 weeks ago (7 children)

So the manufacturer isn't spying on you, it just designed a product so someone else could hack you instead? That doesn't make it sound any better.

The end result is the same: be careful what cables you plug into your device.

[–] kn33@lemmy.world 76 points 3 weeks ago

The end result is the same: be careful what cables you plug into your device.

Sure, but this is clickbait at best. It's not a revelation that this cable contains that hardware.

[–] nondescripthandle@lemmy.dbzer0.com 66 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Its designed to be used for pen testers so they don't have to spend $20,000 on the alternative cable. Its a single cable thats costs like $200, so im not really worried many people are going to get hacked because they accidentally bought a $200 cable.

[–] Arbiter@lemmy.world 24 points 3 weeks ago (3 children)

The bigger concern is a supply chain attack, where an actor targets a specific buyer or agency with these cables.

Yeah that makes sense, im no expert but whats that saying 'physical access is root access' or something along those lines. Id imagine this is true (in spirit at least) about the cables.

[–] Delta_V@lemmy.world 3 points 2 weeks ago (1 children)

The capability itself is concerning. This bespoke cable might cost $200, but what would the unit cost be if a state decided to mass produce them?

[–] Arbiter@lemmy.world 5 points 2 weeks ago

Even at 200 per unit a state actor could certainly see it as worth the cost for a specific attack.

[–] Churbleyimyam@lemm.ee 3 points 2 weeks ago (1 children)

I have no idea who would do something like that...

[–] Petter1@lemm.ee 7 points 2 weeks ago
[–] floofloof@lemmy.ca 28 points 3 weeks ago (1 children)

Yes, if someone used one of these against you, you could be in trouble. The company that makes it also makes a detector that can spot it:

https://shop.hak5.org/products/malicious-cable-detector-by-o-mg

[–] HootinNHollerin@lemmy.world 11 points 2 weeks ago

Damn what a cat and mouse game

[–] AnyOldName3@lemmy.world 24 points 3 weeks ago

The intended use for this kind of product is that you hire a company to break into your company, and then tell you how they did it so that criminals (or, if you're someone like a defence contractor, foreign spies) can't do the same thing later. Sometimes they're also used by journalists to prove that the government or a company isn't taking necessary precautions or by hobbyists at events where everyone's aware that everyone else will try to break into their stuff. There's typically vetting of anyone buying non-hobbyist quantities of anything, and it's all equipment within theoretical reach of organised crime or state actors, so pentesters need to have access, too, or they can't reasonably assess the real-world threat that's posed.

[–] webghost0101@sopuli.xyz 14 points 2 weeks ago

There are plenty of hacking devices on the market equal or worse than this. The truth is you want these devices available in the public so people are award of them and nerds can learn how to protect against them.

The malicious inclined wont care about legal availability and some tinkers will make them if not only for the technical challenge.

[–] zzx@lemmy.world 8 points 2 weeks ago (1 children)

This is hak5. They make penetration testing Tools

[–] boatswain@infosec.pub 5 points 2 weeks ago

Technically it's O.MG; they work with and are sold through HAK 5, and license Ducky Script.

[–] TimeSquirrel@kbin.melroy.org 4 points 2 weeks ago

These sorts of tools and knowledge should be free and open, so people can test their own systems and learn how to defend against them. They aren't inherently bad themselves. As with firearms, it's all about what you do with it.

Hiding a potential exploit from the general public does them no good.

[–] Saik0Shinigami@lemmy.saik0.com 12 points 2 weeks ago

And has been available for years... Why this is news today is beyond me. I'm pretty sure I saw these cables on hak5's site over 5 years ago.

[–] BluesF@lemmy.world 6 points 2 weeks ago

Seriously cool piece of kit! I have no use for it whatsoever, but can't help but wish I did.

[–] SnotFlickerman@lemmy.blahaj.zone 8 points 3 weeks ago* (last edited 2 weeks ago) (4 children)

EDIT: Working now! Article is up!

Every other page on Tom's Hardware is loading for me just fine but this article is just pulling up a completely blank document?

[–] JohnnyCanuck@lemmy.ca 15 points 3 weeks ago

They probably pulled the article since it was bullshit, based on the other comments.

[–] cypherpunks@lemmy.ml 8 points 3 weeks ago

same here; other articles there load fine but this one gives me HTTP 500 with content-length 0.

(the empty body tag in your screenshot is generated by firefox while rendering the zero-length response from the server, btw.)

[–] Shdwdrgn@mander.xyz 5 points 3 weeks ago

Same here, I was wondering what was going on.

[–] lurch@sh.itjust.works 2 points 2 weeks ago

I hope you're not hacked and the attacker is blocking URLs that could help you find out.