This looks like an ordinary USB-C connector, but when we CT scan it, we find something sinister inside…🧵
Last year we CT scanned a top-of-the-line Thunderbolt 4 connector and were astonished to find a 10-layer PCB with lots of active electronics. A lot of people saw the scan and wondered whether malicious electronics could be hidden in a tiny USB connector.
The answer is yes. This is an cable created by @_MG_, a security researcher and malicious hardware expert. It looks like an ordinary USB cable, but it can log keystrokes, inject malicious code, and communicate with an attacker via WiFi. Let’s see inside… O.MG
We put an OMG cable in our @lumafield Neptune CT scanner. It captures hundreds of X-ray images from different angles, then we reconstruct them into a 3D model that includes both external and internal features. (The color coding in the 3D model indicates relative density.)
For context, here’s a typical USB-C connector from Amazon Basics. It has a PCB, but no active electronics; the PCB is just used to connect the pins to the right wires in the cable.
Inside the ordinary-looking OMG connector we can immediately spot an antenna and a microprocessor. While high-end Thunderbolt connectors have some ICs, you won’t find an antenna like this in any normal USB connector.
On the other side of the connector is its most interesting feature: a USB passthrough module. When the malicious features of the OMG cable are deactivated, this passthrough links the connector’s pins directly to the cable without sending any signals through the microcontroller, effectively hiding its intent. When a hacker turns on the malicious features, this passthrough connects the microcontroller.
2D X-ray images can detect major deviations from an expected design, like the presence of an antenna and an IC, but it’s easy to slip other features past a simple 2D X-ray scan…
The microcontroller looks like an ordinary IC when we view it as a 2D X-ray image, but when we look at a 3D CT scan and adjust the visualization parameters, we can see another detail emerge: a second set of wire bonds, connected to a second die that’s stacked on top of the main processor. This hidden die could be an enormous security risk–and it’s completely hidden in an ordinary 2D X-ray image.
Complex, global supply chains carry enormous risks, as we were reminded during October’s supply chain attack in Lebanon–a story that @_MG_ has been thoughtfully following and analyzing since it happened.
Hidden explosives in electronics have been used before–for instance, in a USB thumb drive, which @_MG_ was able to reproduce. But as complex, active electronics make their way into corners of our lives that were previously dumb, the surface area for attacks becomes larger. And as devices become more complex, it’s harder to keep track of them during every stage of their manufacturing and distribution. x.com/_MG_/status/16…
I sat down with @_MG_ to talk about the O.MG cable and what it means for our devices–he’s a really impressive hardware security expert, and this is (in my biased opinion) well worth watching. youtube.com/watch?v=V7evSl…
A lot of you are asking what should be done! At a personal level, buy reputable cables and avoid public USB ports like those charging stations at airports.
Most importantly we need vigilance throughout the supply chain. Manufacturers and retailers unwittingly distribute counterfeits all the time. Fortunately, we’re entering an era of ubiquitous, ultra-fast X-ray CT. This will help!lumafield.com/article/ultra-…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
We just CT scanned 1,000 lithium-ion batteries from 10 brands to see how they compare inside.
The differences we found are enormous, and point to serious safety risks in off-brand batteries that can easily make their way into the supply chain. Here’s what we saw… 🧵
Can you spot the differences between these two batteries? One is a legitimate Samsung cell; the other is a counterfeit. It’s marked with a Samsung-style part number and feels well-made.
@Samsung But inside, these cells are completely different. Our @lumafield X-ray CT scans reveal that the Samsung cell has consistently high quality; its anode layers overhang the cathodes evenly. The counterfeit is a battery fire waiting to happen.
Last month @AnkerOfficial recalled over one million power banks due to an unspecified battery manufacturing issue. We CT scanned 3 recalled power banks and 2 that weren’t recalled to see what’s going on inside. Here’s what we found…
Lithium-ion batteries must be manufactured to extremely tight tolerances. They’re made by winding thin films of positive electrode (cathode), negative electrode (anode), and separator into a tightly packed “jelly roll” that's sealed into a cylindrical can or rectangular pouch.
If a contaminant is introduced during manufacturing or the film is wound unevenly, it can cause a short circuit between the layers. This can lead to rapid discharge, overheating, and potentially fire—making even small defects a serious safety risk.
Do water filters actually do anything? We CT scanned several popular water filters before and after use to see what they’re able to keep out of your body. Here’s what we found… 🧵
These are before-and-after @lumafield scans of a Brita water filter; it’s filled with a blend of activated carbon and ion-exchange resin and claims to trap chlorine, sediment, and heavy metals like lead. The filter medium swells with use, and it also gets denser. How do we know?
Industrial CT scans capture both geometry and relative density. We start by taking hundreds of X-ray images from different angles, then reconstruct them into a 3D model that can be sectioned and analyzed. A dark area in a 2D X-ray image could be either thicker material or denser material; by rotating the object we’re scanning, we can separate geometry from density. In this @lumafield CT scan, density is visualized as a blue-red color map.
We just announced a major breakthrough in X-ray CT technology at @lumafield: scans that take hours with conventional CT will now take seconds. Here's why that's important 🧵
A CT scan is the richest possible source of industrial inspection data: it gives you a full 3D model of your part, inside and out, along with relative density information. But it's always been too slow for use in high-volume production environments—until now.
By bringing scan times down to as little as 0.1 seconds, we've overcome the major drawback of CT. Now it's a practical inspection technology for high-volume production.
Pens are made by the billion, require insane precision, and still work almost every time. We CT scanned a few common pen types to see what’s inside... 🧵
First up: a fountain pen 🖊️ These date back to the 10th century, but practical designs appeared in the 19th century. When the pen is tilted, gravity pulls ink from a cartridge to the nib. Capillary action pulls the ink through a slit in the nib, where it flows onto the page. Here are the 2D X-ray radiographs we captured of a fountain pen; we use software to reconstruct them into a 3D model (next tweet).
Here’s the 3D reconstruction of a retractable fountain pen—the Mahjohn A1. Our CT scan of the pen tip shows a spring loaded door that opens and closes to prevent the ink from drying out and to protect the nib.
We CT scanned an Apple Vision Pro! We also scanned two Meta headsets. Here’s what we found inside, and what it says about the two companies’ approach to AR/VR and to hardware development in general. 🧵
Here are our industrial CT scans of the Meta Quest Pro and Meta Quest 3 headsets. If you want to explore these scans, head to . Now let’s see what we found… lumafield.com/article/apple-…
Apple and Meta have taken different approaches to the market: the Vision Pro is a premium technology showcase for early adopters, while the Meta headsets are priced for accessibility in order to get as many people into the metaverse as possible.