
©2024 Poal.co


Stuff like this has been around for well over a decade now. I remember something I think was called "evilUSB" or something that did basically the same thing.

Archive: https://archive.today/HfifZ

From the post:

>Industrial CT scanner manufacturer Lumafield imaged an O.MG pen testing USB-C cable, revealing sophisticated electronic components secreted within the connector. Lumafield product lead Jon Bruner shared on X (formerly Twitter) a CT scan that revealed the interior of the O.MG cable, showing advanced electronics and an antenna — a much more complicated design versus the Amazon Basic USB-C cable that Lumafield scanned for comparison. Security researcher Mike Grover created this pen testing (penetration testing) cable for fellow security researchers and hobbyists, red teamers, and for awareness training, especially for highly vulnerable or targeted individuals.

[–] 1 pt

The device in question is a specialty cable used for pentesting...it has a lot of extra stuff. Nothing sinister about it because it was designed to hack your shit

[–] 1 pt

Well, yeah and no ;) I am not going to lie. I have not built that but similar older versions.

Everything in pentesting is a double-edged sword like most things.

[–] 1 pt

My point being that it's not going to be something you're going to worry about buying at sprawl-mart; that cable is barely functional as a cable.

[–] 1 pt

Unless someone makes sure it's the one you buy, that is.

[–] 1 pt

Now take this same concept and apply it across automotive, pharmaceuticals, food, networking gear, computers, smart devices and so on.

Houston, we have a problem.

[–] 1 pt

Yeah, this already has happened with laptop keyboards (Dell about 15 years ago) as well as Cisco networking gear (last one I read about was probably 10 years ago; Cisco started a new dead-drop shipping program to stop things from being intercepted in transit and tampered with).

[–] 1 pt

Consider CPU Intel dies. Imagine what they sneak on them. I hope Intel goes out of business.

[–] 2 pts

IME, Intel Management Engine. It runs its own operating system that you cannot access that has access to every single data line the CPU does (including networking abilities). The US Government/NSA worked specifically with Intel and PC suppliers to create specific hardware configurations that would automatically disable IME for gov purchases (wonder why?).

AMD has something similar as well. All mass-market CPUs do.