This looks like an ordinary USB-C connector, but when we CT scan it, we find something sinister inside…🧵
Last year we CT scanned a top-of-the-line Thunderbolt 4 connector and were astonished to find a 10-layer PCB with lots of active electronics. A lot of people saw the scan and wondered whether malicious electronics could be hidden in a tiny USB connector.
The answer is yes. This is an cable created by @_MG_, a security researcher and malicious hardware expert. It looks like an ordinary USB cable, but it can log keystrokes, inject malicious code, and communicate with an attacker via WiFi. Let’s see inside… O.MG
We put an OMG cable in our @lumafield Neptune CT scanner. It captures hundreds of X-ray images from different angles, then we reconstruct them into a 3D model that includes both external and internal features. (The color coding in the 3D model indicates relative density.)
For context, here’s a typical USB-C connector from Amazon Basics. It has a PCB, but no active electronics; the PCB is just used to connect the pins to the right wires in the cable.
Inside the ordinary-looking OMG connector we can immediately spot an antenna and a microprocessor. While high-end Thunderbolt connectors have some ICs, you won’t find an antenna like this in any normal USB connector.
On the other side of the connector is its most interesting feature: a USB passthrough module. When the malicious features of the OMG cable are deactivated, this passthrough links the connector’s pins directly to the cable without sending any signals through the microcontroller, effectively hiding its intent. When a hacker turns on the malicious features, this passthrough connects the microcontroller.
2D X-ray images can detect major deviations from an expected design, like the presence of an antenna and an IC, but it’s easy to slip other features past a simple 2D X-ray scan…
The microcontroller looks like an ordinary IC when we view it as a 2D X-ray image, but when we look at a 3D CT scan and adjust the visualization parameters, we can see another detail emerge: a second set of wire bonds, connected to a second die that’s stacked on top of the main processor. This hidden die could be an enormous security risk–and it’s completely hidden in an ordinary 2D X-ray image.
Complex, global supply chains carry enormous risks, as we were reminded during October’s supply chain attack in Lebanon–a story that @_MG_ has been thoughtfully following and analyzing since it happened.
Hidden explosives in electronics have been used before–for instance, in a USB thumb drive, which @_MG_ was able to reproduce. But as complex, active electronics make their way into corners of our lives that were previously dumb, the surface area for attacks becomes larger. And as devices become more complex, it’s harder to keep track of them during every stage of their manufacturing and distribution. x.com/_MG_/status/16…
I sat down with @_MG_ to talk about the O.MG cable and what it means for our devices–he’s a really impressive hardware security expert, and this is (in my biased opinion) well worth watching. youtube.com/watch?v=V7evSl…
We’ve also posted our scan of the O.MG cable here: lumafield.com/article/invest… so that you can explore it yourself in Voyager.
A lot of you are asking what should be done! At a personal level, buy reputable cables and avoid public USB ports like those charging stations at airports.
Most importantly we need vigilance throughout the supply chain. Manufacturers and retailers unwittingly distribute counterfeits all the time. Fortunately, we’re entering an era of ubiquitous, ultra-fast X-ray CT. This will help!lumafield.com/article/ultra-…
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.