Industrial CT scanner manufacturer Lumafield imaged an O.MG pen testing USB-C cable, revealing sophisticated electronic components secreted within the connector. Lumafield product lead Jon Bruner shared on X (formerly Twitter) a CT scan that revealed the interior of the O.MG cable, showing advanced electronics and an antenna — a much more complicated design versus the Amazon Basic USB-C cable that Lumafield scanned for comparison. Security researcher Mike Grover created this pen testing (penetration testing) cable for fellow security researchers and hobbyists, red teamers, and for awareness training, especially for highly vulnerable or targeted individuals.
Aside from the microcontroller and antenna, Lumafield’s in-depth 3D CT scan revealed a second set of wires connecting a secondary die hidden under the primary microcontroller. This detail is difficult to spot in the scan, requiring some visualization parameter adjustments and a keen eye. When the cable was passed through an ordinary 2D X-ray, this secondary die was practically invisible, allowing it to easily pass cursory inspection. That means devices like this could conceivably pass through standard detection mechanisms.
The O.MG Elite USB-C cable has several features that could allow anyone controlling it to take over any device plugged into it. Some of its features include keystroke injection, mouse injection, geo-fencing, keylogging, and more.
Inside the ordinary-looking OMG connector we can immediately spot an antenna and a microprocessor. While high-end Thunderbolt connectors have some ICs, you won’t find an antenna like this in any normal USB connector. pic.twitter.com/EpLb8c2P6lDecember 4, 2024
Lumafield said that it did this scan after it published the internal view of Apple’s Thunderbolt 4 (USB-C) Pro Cable, which revealed a lot of sophisticated electronics inside. Many wondered that if the tech giant could put such a lot of active components inside, maybe someone could put malicious hardware in something as mundane as a USB-C cable. So, Lumafield decided to scan the O.MG cable to see how it hides its active electronics in such a tiny package.
The company's scan shows how a supply chain attack can go undetected. With electronics that look as simple as a charging cable getting more and more complicated every year, anyone, from run-of-the-mill hackers to state-sponsored attackers, could get into the manufacturing process of a device and insert systems that will compromise the final product, or worse.
2D X-ray images can detect major deviations from an expected design, like the presence of an antenna and an IC, but it’s easy to slip other features past a simple 2D X-ray scan… pic.twitter.com/CwomA5ksvBDecember 4, 2024
One glaring example is the recent news of exploding pagers in Lebanon, where someone was able to insert powerful explosives into the devices used by Hezbollah leaders for communication. The pagers changed hands several times — from Taiwan to Hungary — and no one could explain how they were compromised.
The good news is that these cables are expensive, with prices starting at $119.99 for the most basic version. So, you don’t have to be worried about someone spreading this malicious hardware to provide widespread chaos among the public at large. Nevertheless, it’s still better to be safe than sorry, so Bruner recommends that you purchase reputable charging cables sold by trusted stores and avoid public USB ports to charge your devices. If you really need power on-the-go, stick with the best USB-C laptop chargers to avoid getting your devices compromised.
