A charging cable hack demonstrated by Jon Bruner of Lumafield, a company that provides CT scan solutions for businesses, explained in a post to X that small electronic devices can be hidden inside a USB-C charging cable so that they cannot be easily discovered
While appearing normal, the cable's internal electronics have been modified to include a Wi-Fi antenna and several chips stacked on top of each other to provide the USB-C cable with the “brains” needed to perform malicious activity.
Hacked in this way, the USB-C cable can record keystrokes, inject malicious code, communicate with attackers via Wi-Fi, or give hackers full access to your device. Even more frightening, these tiny computers can be turned on and off at will by threat actors.
Bruner's X thread shows a detailed 3D CT scan of the USB-C cable and the inside of the device, showing that the USB-C cable still functions properly and that the device charges and transfers data without errors or other problems.
The cable was provided by researcher Mike Glover, who created the O.MG cable for security purposes. However, others with the necessary skills, supplies, and technical expertise could create similar cables and leave them in public places to gather information and control devices in a manner similar to the juice jacking attack discussed last year.
If you want to avoid accidentally connecting your smartphone or tablet to a hacker-controlled charging cable, the easiest and smartest way is to always bring your own cable; USB-C cables are so small that they won't take up much room in your bag. At the same time, you want to avoid cheap third-party cables altogether. Instead, you want to use first-party cables from Apple, Samsung, or other phone manufacturers whenever possible. If you must use third-party cables, make sure they are from reputable, well-known brands like Anker or Ugreen.
Another thing to consider is that if you just want to charge your device, a wireless charger will avoid this problem entirely. However, the charging speed of the device will be a bit slower than with a wired connection. As with cables, the use of open USB ports in public places should also be avoided. Hackers and other cybercriminals are beginning to weaponize public USB charging, so it is no longer advisable to plug your phone into a USB port at airports. If you already have a cable with you, you may want to bring a charger along; GaN chargers are much smaller than typical cell phone or laptop chargers, yet can charge multiple devices at the same time. When we think of security, we often think of protecting data and passwords and avoiding malware, but stories like this one show that cyber hygiene must be practiced in the real world as well.
Comments