I wouldn’t give this cable to my worst enemy - O.MG Cable
Вставка
- Опубліковано 5 тра 2024
- Level up your desk game! Check out the Secretlab Magnus Desk Pro: lmg.gg/kdg6f
Play Cities Skylines FREE this weekend starting today at: lmg.gg/CitySC
The Rubber Ducky? Basic. The Flipper Zero? Child’s play. This is the O.MG Cable, a stealthy, powerful hacking tool that allows the attacker to log your keystrokes, access your device, and emulate both keyboard and mouse movements. It's priced accessibly for the average consumer, and could be used to juice jack your phone or laptop. How do you protect yourself from such a device?
Data Blocker Teardown: mg.lol/blog/data-blocker-tear...
Big thanks to the following creators for their code:
I-Am-Jakoby: github.com/I-Am-Jakoby
atomiczsec: github.com/atomiczsec
Discuss on the forum: linustechtips.com/topic/15059...
Buy an O.MG Cable from Hak5: shop.hak5.org/collections/mis...
Purchases made through some store links may provide some compensation to Linus Media Group.
► GET MERCH: lttstore.com
► LTX 2023 TICKETS AVAILABLE NOW: lmg.gg/ltx23
► GET EXCLUSIVE CONTENT ON FLOATPLANE: lmg.gg/lttfloatplane
► SPONSORS, AFFILIATES, AND PARTNERS: lmg.gg/partners
► OUR WAN PODCAST GEAR: lmg.gg/wanset
FOLLOW US
---------------------------------------------------
Twitter: / linustech
Facebook: / linustech
Instagram: / linustech
TikTok: / linustech
Twitch: / linustech
MUSIC CREDIT
---------------------------------------------------
Intro: Laszlo - Supernova
Video Link: • [Electro] - Laszlo - S...
iTunes Download Link: itunes.apple.com/us/album/sup...
Artist Link: / laszlomusic
Outro: Approaching Nirvana - Sugar High
Video Link: • Sugar High - Approachi...
Listen on Spotify: spoti.fi/UxWkUw
Artist Link: / approachingnirvana
Intro animation by MBarek Abdelwassaa / mbarek_abdel
Monitor And Keyboard by vadimmihalkevich / CC BY 4.0 geni.us/PgGWp
Mechanical RGB Keyboard by BigBrotherECE / CC BY 4.0 geni.us/mj6pHk4
Mouse Gamer free Model By Oscar Creativo / CC BY 4.0 geni.us/Ps3XfE
CHAPTERS
---------------------------------------------------
0:00 Intro and Features
3:43 Data Infiltration and Exfiltration
4:45 Getting around passwords
5:56 Extended Data Exfiltration
6:57 Self Destruction
7:51 DANGER! (Protect Yourself)
10:15 Why is this allowed?
11:46 Conclusion - Наука та технологія
You know what else is less than the price of an LTT Backpack? A FREE weekend of Crusader Kings 3 starting May 11th. Build your dynasty at: lmg.gg/CK3CS
“All for less than a backpack from Ltt store” that doesn’t really give you a good idea lol
nope
Nah
A while back I picked up a micro-usb charging cable in a parking lot before this really became a hot topic and considering my extensive amount of micro-usb cables I can't remember which one it is to get rid of it. Should I be worried? PS: This was like 4yrs ago
no
At this point im 99% convinced these security videos are the LTT equivalent of security awareness training after the hack.
To be fair he talks so much about computers, but very rarely talks about cyber security. I do cyber security on the side and people find it so scary how easy it is to hack anyone today. Security went the opposite, it never got better…it got way worse.
at least this doesnt have the soulless coporate jingle
It's shilling, these are all just thinly veiled advertisements for products
@@ticenits1926 can you shut up please? no one wanted your input.
@@ticenits1926 "shilling" he says. Yeah I love shilling for security knowledge. STAY SAFE GUYS, I'M BEING PAID TO TELL YOU IMPORTANT INFORMATION
To be fair, flipper zero already looks like a happy meal toy.
And it can be used as a Bad USB device. Not exactly stealthy, but tucked behind a desktop computer tower it would totally work.
you finally wake up to what was already possible years ago.
When I first saw the Flipper Zero, I thought it was some sort of Tamagotchi and fidget toy combined....
Yeah, but considering that this cable is about $120 and the Flipper zero costs about $400, I'd say that already makes the flipper zero a no go for most nefarious actors.
To be faaaaiiirr.
Mike created the perfect ecosystem.
1. Create the problem
2. Create the solution
3. Profit
Would be somewhat tempted to plant a cable that just opens notepad and warns against using random cables if not for the price.
That would be hilarious if you could catch someone's reactions
Plant a cable that opens a notepad to warn against random cables & in the background have their webcam open proceeding to download the short video file of them reading that; finally opening the video to themselves reading. This would be a SHOCKER and great content hahaha
@@_____alyptic Make the first line _"SAY CHEESE!"_ and make it take a picture with flash and shutter sound on and send you the picture 🤔😂
That's very reddit of you, have some gold stranger!
As someone who recently sat awake all night, naked, trying to log someone else out of their UA-cam account, I'm sure Linus loves that this tool exists.
🍓🍓🍓
Well done
I hope the being naked part was needed for logging out
@@ToxicMothBoi it was needed for logging
I'm pretty sure that's the reason he's doing a video on hacking tools in the first place. Awareness of the threat is the first step to combating it.
I love that he had to create a device to detect his own cables.
Totally had to. And had to sell these for a lot of money
@@flameshana9 The high price keeps them out of the hands of many. Good thing.
@@wisteelathere is more truth to that than most people realize. I have several cables that were found in the wild. They are all… let’s just say very behind.
Create problem, sell solution :p
He made his own Kryptonite
I would much prefer someone selling it publicly versus them selling it privately.
The flipper and OMG cable is making it known that this could happen and we could learn to defend ourselves. Way better than not knowing till after the fact.
They are not a real threat regardless. Just pen testing toys for basic netsec education.
Realistically nobody is going to go through that much effort for a normal persons info, this would be much more useful to use against companies
People who despise these devices existing don't understand how dangerous this kind of stuff is or physical security for that matter, there are attacks that have existed for over 70 years (and when I say have existed I mean there is absolutely no way the manufacturer did not know for that amount of time) that are still absolutely doable on relatively high-end locks today. The design flaws that allow these kinds of devices (mostly the flipper zero but the omg cable a little) will not be patched if there is not outrage at the design flaw
Can totally see in a few years amazon or ali express being full of cables like
this if these exploits aren’t taken care of. Maybe O.M.G is doing the right thing.
Unless Amazon cleans up their sloppy practices that's definitely going to happen. It probably is already happening.
Not just online shopping but I could see this getting planted in places like gas stations as well. Scary stuff.
By providing the threat? The link is in the description. The hypocrisy no one is seeing is astounding.
@@hollytaylor5327 better to make something like this, be open to everyone about how it works and let it be researched than for someone else to make this with terrible intentions and blindside tons of businesses
@@hollytaylor5327 They make these products for actual security testing purposes as they explained in the video. But yes by making them generally available you're putting the threat out into the real world which means companies are forced to take the threat seriously. Besides you can't just buy these and go on a crime spree, even buying these products absolutely puts you on a list.
As someone who works in a large company IT department. Mike has a good point, most cyber criminals don't need to go through that kind of hassle. Its staggering at the amount of people (who swear they didnt click anything) get their work computers infected that i have to pull, wipe, and re-image. Our company cyber security team also sends out test phishing emails randomly and it always catches people.
I find it very hard to get a work computer infected with anything, can't do shit anymore 😂
it's like stopping a boat made of Swiss cheese from sinking there will be always someone doing the wrong thing at the wrong time.
"I DIDN'T CLICK NOTHIN!!"
..."Sir, I am right here beside you. I just watched you click seven differnt things just because they had blinky pictures."
"I DIDN'T CLICK IT!"
..."Sir, I can -hear- your mouse clicking."
I know better and accidentally clicked a phishing link recently. Fortunately it only went to a fake login page and didn't download anything, but it was a pretty scary couple minutes.
I had a laptop that was in the middle of being reimaged and got infected 💀 Defender caught it but it was strange nonetheless. Mimikatz.
Our company's IT group does bi-annual "USB thumb drive left in the parking lot" tests and our staff has failed for the last 5 years LMAO this cable is definitely the least of their problems.
sounds like your company is a PRIME cable target. People still plugging in random USBs is a "HUGE STUPIDITY HOLE"
If they're that vulnerable to USB infiltrations I'd honestly feel very confident that if I dropped a little over a grand on ten of these in your company parking lot I could make 100x time my money back through a combination of personal blackmail & company hacks. but hey im just a ten year old kid or a 40 yo virgin trying to sound mean and scary right? yeah probably i mean... more than likely? or maybe.... lol this sh*t isn't hard or expensive (relatively) its just obscure. Once you understand the principles the primary limits are your own creativity and ethical standards.
@@Jake420 Why spend $100+ on an attack cable when the company can be infiltrated with some $5 USB sticks, is the point I think they were trying to make :P
I worked for a chemical company on a project and all of the production control machines were air gapped, used PS2 keyboard and mouse and had all of their USB ports stuffed with hot glue.
Transferring data to those machines was done with special "data caddies" which were basically USB drives with a non-standard connector.
if they start writing people up and cutting pay and benefits every time they fail the test they will gain IQ points real quick
So, where do you work?
Kidding. Saw a man in the street thing where they offered people candy for their workstation password. So many just handed it over no probs.
"We'd better off learn about now while it's expensive, then later when it's cheap and it's too late."
Well said, so well said
China has already reversed this from the day it came out, we'll see $10 versions in a few months.
lol, no. These sorts of tools can be made for $10. It's been cheap for years. It's not a real threat becasue these tools are not useful for actual targeted attacks.
@@theairaccumulator7144 It's been $10 for years already. Look at what Arduino offers, lol.
@@theairaccumulator7144 these Chinese stuff works but they usually don't come with comprehendible docs, so I guess we're fine for now
The NSA apparently had these back in 2008 (according to the ANT catalog leaked in 2013). COTTONMOUTH-I was a device that could load malware and act as a wireless bridge (for subverting airgaps) while being disguised as a regular USB cable connector. The price for making these things must have a dropped a bit, since the listed unit price was 20 300 USD.
It's expected for intelligence agencies to have access to these and more. But for normal people to, this is gonna be interesting to watch unfold.
I feel like $100 per cable is already incredibly cheap for someone looking for a big payday by infiltrating some organization
Not only that, people backward engineer this stuff all the time, so I could see a slew of people making "copies" of this tech, and it not only being cheap but unknown because they will only use it for themselves
Yeah
not just for an organization, but for an average joe with a vendetta as well. It may be expensive for throwing it on the road or using it for general attacks like in a hotel. It's perfectly viable for a targeted attack. I can see a disgruntled ex slipping it in.
Sending an email costs 0$ though and is more likely to work, less likely to be traced back to you (if you know what your doing), and is likely to give you more access.
Walking out with a computer or hard drive costs 0$ and is more likely to work and much less skilled, and if you are vulnerable to physical attacks someone could pull it off.
Plugging in a normal keyboard costs 20$ and while there are some things you can't do with it, (remote connection) you could still do damage.
I love it when LTT covers these tools because they are fun to play with. But I am much more worried about phishing as an attack vector than physical attacks with tools like this. These tools are not going to shift how we defend networks because they are simply slightly flashier more advanced versions of existing threat vectors.
@@adrianvd6940 honestly, at $100 this seems to be consumer pricing already. trying to fit that tech in the package space of half a thumbnail, is already impressive. I kind of want to send one of these to a lab and do a full analysis, including cross sectioning, xray, and acoustic scanning. not in that order mind you
Security is one of the few fields where "spreading awareness" is actually a valid and worthwhile thing. These attacks exist whether we like it or not, so it is better to know about them so we can defend against them.
Its also a field that can't be measured you cannot tell how many attacks awareness prevents.
My work CONSTANTLY reiterates never using the same password for your personal accounts as for your work accounts, to never giving your work passwords to phishers, to never using your work email to sign up to shady sites. Yet employees continue to do it.
100%. The only real attacks are social engineering. Remote hacks and such are hollywood tropes.
@@FelamineClearly not a problem with the “law” then.
Few? What fields are there where spreading awareness is bad?
I'm glad your covering this. I saw these and picked one up at DefCon last year and have been messing around with it, it's a GREAT Red Teaming tool, especially if it's more than just a single day op. You can either connect it yourself or leave/swap it on a desk when your doing a "scheduled unscheduled audit" or something similar. (I'm a professional pentester not just breaking into tech companies without permission)
The name of the NSA implant this is inspired from is called COTTONMOUTH. A USB cable with wifi remote control in the type-A end. It was in the TAO catalog released in late 2013 iir.
2:43 I appriciate the editor using different TF2 payloads as a way to show it can carry multiple.
THE CART IS SUPPOSED TO GO *FORWARD!*
THE CART IS REACHING THE FINAL TERMINANCE!
MEDIC!
GET TO THE CART MAGGOTS!!
Who's not pushing ze cart? I want the names!
And that’s why I always carry my own cables. If anything, this video couldn’t be timed better since I’m headed downtown for the day & had to pack some chargers.
Toileg
I like how you say"against"
@@danyal_assi Ratio
Wow with that price it may make him a lot of money
Why bother taking electronic devices with you? Go there without them, keep them at home. You'll be 100 times happier
This sounds like a stress test that went on at LMG where they planted a cable that got used and then there would've been a seminar around 'security in the workplace', followed by 'That would make a great video' 😂😂
These kind of videos are great! Really interesting and genuinely helpful! Keep them coming
Mike creating a problem and also providing a solution is a genius way to sell stuff
doesnt get more textbook than that, well played to him
That's the governments way.
Still a pos
Technically it could be classified as racketeering, but there are some qualifiers for that.
Well, it's just a detector. Not a full blocker, so, no solution really lol
Could still just instantly execute scripts.
I almost worry that people are going to try and slip these into things like Ebay or Amazon listings or returns, they look good enough to be official and nobody would think twice about using the charging cable that came in the box with their new phone.
Yeah, but anyone trying to save money by buying a phone on ebay probably isn't rich enough to be a worthy target of such an attack. It would largely be a waste of the attackers time and money more often than not.
@@GeneralNickles I disagree. Scammers gonna scam.
You didnt check the price of the cable. Dont be stupid, no scammer will spray and pray with it.
@@Khronogi yeah, but scam what, though?
If they put ransomware on some random middle schmuck's computer, then said schmuck would probably just go get a new computer. Stealing banking credentials isn't gonna accomplish much, because they probably don't have much to steal in the first place.
It would almost always end up being a waste of time and money.
@@Khronogi It's $120 USD, no scammer is going to pay that much in the hopes that some random person will use it and have anything worth stealing. Scammers succeed by casting a wide net that doesn't cost them much if anything, like phishing emails, not by by spending over $100 per target.
One day we'll encrypt USB with keys that we upload to devices ourselves. Setting up a keyboard, mouse, USB stick, etc. will become crazy complicated just to keep bad guys out. And they'll still find a way.
Please do more videos like this, so people can learn more about it.
It's misinformation based on a bad understanding of real world netsec, and shilling to sell a product. LTT are the last people to give out netsec advice.
15 years ago my brother warned me about this stuff.. Ever since i've never used public charging and only use my own brick and cable xD sometimes a brother with a tinfoil hat is a good thing. Miss him tho
its the worst part about being a cynic. You don't want to be right. But you know you are. Your brother sounds like a wise man. As someone with 3 younger brothers to protect (even if they don't realize they still need it) you have my respect from one brother to another.
@@Secret_Takodachi if his brother said that 15 years ago he isn't wise. Its probably the first thing that came true that he said.
@@jarryjackal3827 your comment is just as presumptuous as the one you’re criticising
I wonder how much data can be transferred when just charging? Android phones ask before data transfer over usb would that not prevent some of from accessing data?
@@jarryjackal3827 hacking has been around far longer than the early 2000s. Just cause a method is widespread enough to get onto LTT now doesn't make it new. Don't you remember those good ol days when they warned ya not to put strange CD's into your disk drive, or those sketchy floppies with some guys sick new beats from the subway?
Man, the ending about those getting cheaper, that gives the chills.
Love to see security content like this on the channel. It's way more important than people think it is.
Once one person does it, then the copycats will try cheaper versions, but perhaps not as full featured.
It's not viable for general attacks but perfectly viable for a targeted attack. If someone wants to harm you they will harm you, money is not a problem for those cases.
These devices pose zero threat in the real world. Don't buy into LTT's fear mongering. They are selling a product.
@@brianwest2775 Devices like this have been $10 for years, it's nothing special or new. They are useless in the real world.
@@chiranjeevsahoo4960 Targeted attacks need to be far more sophisticated for a remote attack. Anything worth while is going to need a physical compromise to be worth using a remote tool. Which is pretty much non-existent for years already.
I love that the creator had to make a malicious cable detector lol
i have 2 of these. glad to see hacking tools recent in videos. love it
Not sure if there is a phobia name for "fear of cables" but I'm sure we're gonna need one.
Its called Apple.
Though it could just be phobia of mini-jacks
Cablaphobia
Pronounced Kay-blah-phobia
I'm just glad I decided to keep those 2 boxes full of cables for the last 20 years of my life!
... who am I kidding, it's more like 4 crates.
@@MotoDash1100 I lol'd. Thank you.
@ChillingSpree give it two and it’ll be another gender lol
My biggest worry about these is how easy it is to inject fake or knock-off items into Amazon's listings or inventory. It's entirely plausible that an attacker could mock up a few of these to look like some reputable brand and then sell them on Amazon to unsuspecting people. I've gotten fake stuff from "Ships and Sold by Amazon" listings, so it's not just a matter of avoiding dodgy listings.
Too expensive to be worth it now? Probably. But that won't last long.
People are saying the chips only cost a dollar. So there's nothing to stop them from it.
allready made its way into best buy disgused as legit products. People buy a real one. replace it with this then return the product to the store.
@@flameshana9 Pretty sure its just an esp32 or something.
I expect that someone like Apple or Samsung don't make their own cables in house. If the company they buy these from wanted they could include cables like this with every smartphone these companies sell. Then wait until their cables are everywhere or until they are found out and then ransom every device.
@@Souchirouu Thank you for that idea…
New fear unlocked, thank you linus!!
the rubber ducky, omg cable, and flipper are amazing items. they are really cool
Linus: I wouldn’t give this cable to my worst enemy
Also Linus: but whoever hacked us is an exception!
Linus: But I'll happily give it an incredible amount of free advertising!
@@KrillinInTheNameOf So you prefer to be NOT informed and caught in panic wave or be the victum when shit hits the fan?
@@alexturnbackthearmy1907 I'm not sure what this has to do with being opposed to him promoting actual products. He could warn people about the risks of these types of devices without showing every wannabe hacker exactly where to get a product like this.
@@KrillinInTheNameOf I mean I searched for "hacking USB cable" and got the OM.G and Ninja as the first results, with a public storefront, so I don't think that barrier to entry is really valid.
"It makes flipper zero look like a happy meal toy"
For some reason I can't even explain why I laughed so hard there 😂
Lol me too
.... because the flipper zero DOES look like a happy meal toy? I don't think the cable has anything to do with that...
Flipper Zero does already look like a Happy Meal toy though. LOL
The video says uploaded 1 hour ago with your comment being made two hours ago 😅
@@WSAnderson Exactly LOL
Thanks for the video as a wake up call. I knew that plugging in any usb device or flash drives found on the street would be a dumb thing to do. But I had no idea until now, that even just a cable can be malicious. They always seemed really benign to me.
I knew about most of this but the take away at the end (better to learn about it now, than too late) makes this video a goodie.
Thank you for teaching us about things like this! I'm a computer salesman, and a lot of people come to me with cybersecurity and ask for my knowledge. So when it comes to things like these, you said it first, it's better know about it as early as possible to prevent people of having these encounters.
Have a nice day
Levy
couldnt agree more
People are dumb, it can't be fixed... I could grab a USB stick, load up an autorun attack tool on it, and almost everyone would pick it up off the street and plug it in. By making it throw a popup saying it's not compatible and to try another computer I could get them to infect everything they have access to. I'm in IT and security now, because I used to wear a different hat before and know how it's done, there is a near infinite mountain of attack vectors to use and the way to protect against them is isolation mostly.
I never thought we'd need this, but here we are - I think "Plug and Play" in Windows needs to be updated to have some sort of hardware security or something, god knows how that could ever be figured out, goodluck Microsoft
Toilet
@@danyal_assi stop spamming, you arent funny
It’s not possible. A computer is useless without some way to interact with it. If a person can interact with it, then anything that emulates a person interacting with it can too.
The best that can be done is a cat and mouse game trying to detect exploits, etc. but that will never stop someone being able to go to a website and download software or run software written on the machine itself.
I mean, it would be nice to have the option. but on the other hand, these devices can mask themselves as pretty much any device out there. so even if windows gave you an alert or something that the device named "xx" was connected and you need to accept a prompt to continue, this could just name itself the same as the device and most people would not ever see anything wrong with that.
it would likely mean making billions of USB devices uselsess and obsolete since they dont have any way to verify themselves to the new security system
Did not expect that for a cable.
Thanks for the video!
super glad linus tech tips is reviewing hacking tools or at least bringing attention to them.
0:46
"All for less than a price of a backpack"
A 250$ backpack!
A backpack that may or may not still have no warranty.
lifetime warranty?
In regards to juice-jacking, I miss the micro USB cables we had at Google, by default they were charging only and had a physical switch to enable the data lines of the cable if you needed to transfer data. Sadly they never made USB-C versions
There are type A charge only USB adapters. You could use one of those with a tape C to type A adapter. You’ll probably lose charging speed, but at least you can use it in an emergency.
It occurs to me that using USB for charging, data, and input is actually quite a security flaw. I know some large companies just disable USB drive support on all computers. Now I see why. Perhaps SD cards are actually safer, because they can only be storage.
@@andybrice2711 - It’s more serious than data. USB is a bus, just like the PC Express bus, which means that it can add devices to your PC.
@@sylviam6535 Having a single button is way more convenient than having to add / remove the "USB condom" (as some call it) each time you want to toggle data on or off. I miss those cables too!
@@florentcastelli - I am not sure that a physical switch would work on USB type C. They would probably need to insert a chip to deal with the additional complexity.
Unexpected extra advantage of the smaller USB-C plug: harder to put this stuff in (for a short while at least).
Very interesting though, both from a technical perspective to see what crazy sht is possible as well as how to protect against it, thanks!
I got one of these cables, and one of the plug versions as well. They are freakin awesome.
It is a nuclear bomb
Toilet
Yes
Валидно
fish
Ka-boom!
I will be bringing both my own charging brick and cable everywhere going forward. The world is getting scary.
No I don't fucking care
Always has been
@@resneptacle yup nothings really changed just method
@@xwiick Yep. They've been warning about using public USB charging stations for almost as long as they've been a thing.
@@xwiick "The more things change, the more they stay the same."
Love paradox games, I totally recommend them and loved this sponsor
I really like the channel I like the way you explain everything it's really cool! Thank you
Wow.. "Best to learn about it now when it is expensive rather than later when it's cheap and too late" is probably the best line from an LTT video.. like ever!
No kidding. Even the ELITE version is ONLY $199.99, that's CHEAP for something with such nearly limitless functionality!
It still won't matter
Another use case where this could be problematic is people getting these cables for their partners/friends/family members as a way to spy on them.
"Hey honey, have you seen my charging cable?"
"No. But you can use this extra one I have."
im gonna use thumbnail to soy on myself. Finally gonna know what the fuck i do all day
Generally if you're going to spy on your loved ones, you'd also have physical access to the devices they use too. Sneaking in a USB device into the back of their desktop or laptop is going to be easier and cheaper than ensuring they use your cable.
@@Programmdude yes but when it comes down in price it would be less phishy and a cheap way to get into the person phone which these devices target also
People have been hacking each other since people exist. Its even common to treat ideas and thoughts like this usb cable, like a threat. And sometimes they are. This tech is interesting, nonetheless.
Already exists. Use of a hardware keylogger on your partners PC to spy on them for abusive purposes has been a thing for years. Most people won't notice something in the back of their machine that wasn't there before.
8:38 there are many tactics that physical pentesters use aside from lockpicking. you can look up tactics physical pentesters to see. this includes stuff like using common keys, slipping a piece of trash into a poorly installed door latch, etc.
"Hey man can I borrow your charger?"
Then just give them back your involuntary backup cable.
Juicejacking makes sense considering the term juice is synonymous with power; leaving a "charger cable" at a diner would be a really effective means of attack especially if the victim believes that cable is the only means of keeping their device charged. Take a McDonalds near our location for example, they have only one seat adjacent to an outlet, if an inconspicuous cable is just sitting there and their phone is about to die chances are they aren't going to spend the time to dig around for their own cable (if they have one).
Juice jacking is an absolutely perfect hacking term in the classic style. Reminds me of phone phreaking
Glad stuff like this keeps me working
Found a data blocker a while ago on the street brand new. Love it and using it since. 100% recommend to anyone 👍
The Scary part would be when it gets cheap enough that an Amazon 3rd party starts selling these as regular usb cables.
😂
I feel the argument that it is a warning is pretty weak when it's being sold...
To be safe on public charging-stations, you could also just use power-only cables. Those don't have any Data-lines.
USB-C cables all have data lines, they're what allow rapid charging.
Wow, this video is absolutely amazing! The quality is incredible, the content is engaging, and I learned so much from it. You clearly put a lot of time and effort into creating this, and it definitely shows. Keep up the great work, I can't wait to see more videos like this from you!
Most things are less than the LTT backpack 😂
for real 😂
My thoughts exactly
another thing that's cheaper than that backpack...is this segue
Kriega R30: $275 USD and made from abrasion resistant textiles, has a fantastic system for distributing weight and staying on, as well as 30 liters of space and having a massive 100% Waterproof compartment.
Linus: how 'bout none of that BUT it's $25 USD less expensive.
Except for a graphics card. You have to go down to an RX 6600 or A750 to start seeing cheaper prices!
If some random coder dude is releasing these at a reasonably accessible price, you can bet these have already been around for a while in a more secretive manner. Governments and other various agencies have likely been using these for years. At least now the public is aware that these are, in fact, a real tangible thing.
Pretty sure spy movies have been using these for the past half a century.
And the fact that the FBI is willing to _tell people this is a thing_ is a sign that to them, this method of exfiltrating data and hacking stuff is already *_obsolete_* by Three Letter Agency standards. Why spill the beans on a technique you're still actively using to spy on people?
Yeah in my eyes what this guy is doing is making this accessible to security researchers and pen testers so companies etc can figure out how to defend themselves from it, rather than really creating a new attack vector or anything of the sort
Yes this type of device has existed for many years, the company behind the usb rubber ducky has been around since 2005. Awareness is just bad, they've clearly made their point to the negligence of certain enforced security. In security, the biggest vulnerability to anything is physical access, with the right tools you can obtain anything. This is not just technology of course. Honest attackers are creative and sneaky who can be reasonably discouraged. Attackers with sledge hammers also exist.
Keep your important belongings safe!
The name of the NSA implant this is inspired from is called COTTONMOUTH. It was in the TAO catalog released in late 2013 iir.
Hey LTT, y'all should do a video on the evolution of electronic spying tools (bugs like The Thing, or this new cable.)
This is mad , Love the Flipper Zero
This is just plain dangerous. Thanks techies for making my day less anxious and safer.
You're welcome. As consolation, you don't need to be afraid of hackers trying to compromise your systems until you have data worth stealing. Are your memories safe? I sell zero-day exploits on bug-bounty forums. Secure your bad ideas and protect the future of disinformation.
@@oldtools6089 assuming you don’t have information worth stealing is this first mistake.
Do you have a social security number? Then you have information worth stealing. That number is worth a lot of money.
@@rebchizelbeak5392there's also a factor of "have you made any severe enemies to go to these lengths".
@@chiranjeevsahoo4960 no.
I know people that have had their SS number or cards stolen with no enemies.
Those are worth thousands.
@@rebchizelbeak5392 And are profitable even at this cost
I feel like the quote, "Your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should." best applies to this cable.
This cable should be a crime
@@joshbittner ethen hackers that need one will just make their own, You ren't solving the problem
The problem with that saying is (skipping the whole scientists vs engineers, the tech isnt new the application is) not that this is a unique tool developed by some masterminds. It's common tech thats been packaged and branded for the consumers. CIA had this tech 10 years ago and so did probably other state funded organizations as well. It's only a matter of time before you can buy it from aliexpress for a dollar. Creating this product and bringing this design flaw in USB to the light of mass audiences does more good than harm to the world collectively.
No, what applies better is “security through obscurity is no security at all”. OMG didn’t create this attack vector, he made it accessible to everyone and raised awareness that this exists. Now more people will be on guard, look at this and work on mitigating this.
@@ForeverHobbit "not solving the problem" is not an invitation to make that problem even worse.
I won’t lie this thing is flipping insane… so much packed into such a tiny device
I liked the advert at the end, suggesting you can hide your cables away. After Linus had explained that cables that weren't easily visible would be easier to compromise :)
Love the recent security focused videos. Please keep them coming.
Solid content. We need more of these especially from the big channels. Thank you!
Thanks for the info mate 🤛
0:40 you made it sound like we shouldn't buy your backpack as it's more expensive than this state of the art hacking tool lol
Always cool to see LTT do a more simplified overview of HAK5 tools. Might be cool to see a cybersec spinoff channel so a bigger channel like yours can help spread awareness.
I look forward to Mike releasing the O. MG Cable Detector Detector. On a different note, yes blocking data lines does somewhat protect you from this attack vector, but I believe these are also some charging standards where the data lines are required for fast charging. I suspect some may yearn for the days of proprietary chargers and no interoperability...
Not me, I set all my passwords to the same word anyway, so when you steal that, I only have to change a single password. Checkmate hackers.
He might have kept some backdoors open in his detector for very special custmers or high priced cables.
We need to create open source detector project so that it'll be kept updated for each new cable.
People called us paranoid when we rolled out centralized authentication of USB devices in our company 😂
Tools like these help testing your security for sure.
The problem is, if there is actually a bad person who really needs to go these routes, there is also probably enough criminal energy to build it yourself.
Its better to have the tools to protect yourself against it, than to wait for someone who WILL make their own.
But yes, most ways into a security system are wayyyyy easier and the weakest link in the chain will always be humans
I've said it before, I absolutely love the security videos.. please continue to make them.
They are more or less fearmongering misinformation. These tools are useless in real life and pose zero threat. They have been around for years for $1, and there have never been any recorded accounts of these attacks being used on anyone.
I can't wait to hear about the next LTT hack because someone watched this and thought "what if".
If I would live anywhere near I would definitely do this.
On the other hand I hope dbrand will use one of those to prank Linus with their next "hacked" lineup
Here's an example I had during my trainings. I proposed the students to only share files and documents with approved or known team members of a contractor. If they didn't trust it, they should get in contact with the contractor using a phone number known by our company. I got laughed at and they didn't think it was serious. Next, another speaker shared a security awareness of not clicking links in an email. People were like "yeah, that makes sense". I'm like, why don't you take my warning serious, but this one you do?
I really like how this tools are there in this way, while faster and better the security evolves is better, is they are not shown, is almost sure someone else will be doing it, but will be hiiden to others, that is more risky than know this is actually possible and even we can buy one of them to prevent the attacks.
8:50 " sif someone can walk in and take something, they can walk in and plant something" LTT's security are clear at risk seeing how much get taken from the office😂
As Mike said, the average person and probably does not have to worry about an attack like this right now because it's too powerful.
"You don't aim a cannon to kill a fly"
But when you are mass producing the cannon ball anyway, you may as well have a go...
Even so, I could easily see that in airports for example, since lots of business people go there so even if only 0.1% of them tries to charge their work phone in it, it's already multiple companies that could be at risk. And obviously, you, the user, who just wanted to charge your phone while waiting for your plane.
Even if you're not a target, stay safe
These are not powerful. You can't do much with them. They are only useful if you know a lot about your target and want to get data on their computer
@@uponeric36 Basically yes. Or just use one of your cables that does charging only (disconnected data wires). Or bring your own charger. Or always charge your powerbank and charge your phone only through it. There are lots of options, and to be honest, even before these kind of attacks I never plugged my phone into a public USB port because they charge so slowly it's useless. I always use my charger
I dunno, I mean I think a fly is kind of a bad example though. You've heard the lengths people will go to kill a spider right?
Additionally, you should always close windows, because USB stick theoretically can be inserted by drone.
mike's a legend, creates the best hacking cable and makes a profit from hackers and also creates a data warner and profits of people avoiding such hackers to hack them
The way I see it, this was always a viable attack vector. If Mike didn't make his publicly available, someone else would be doing it in secret (and likely already has). If you don't know a threat is out there, you can't defend against it.
Except that he clearly doesn't care about the security aspect and he is creating THE NEED. He rationalizes heavily and his body language is visibly giddy about the potential chaos that he can sow by having a tool - that would normally cost substantially more and for good reason - much more accessible to the average populace who are willing to sacrifice their kidney for a goddamn $2000 GPU. For LTT to brush that aside while using it as an example was an "O_O are you serious?" moment.
The irony of this is that he is apparently lackadaisical about it at home and was forced to create a counter-measure because his wife was getting tired of his bullshit. (Frankly, i'd just divorce the asshole.)
@@gludlok747 who pissed in your cheerios?
@@RoshiGaming No one. Well.. not that i've noticed anyway. I just know bad news when I see it and I haven't felt this uncomfortable watching an LTT video ..ever. So I responded to a comment that helped formulate what I was thinking.
@@gludlok747 you’re actually dumb. Nearly everyone who works in offensive security from pentesting to red teaming gets excited and giddy about new hacks and toys. Anyone else who is able to invent anything similar to that from Proxmark to the bash bunny has every right to be excited about what they achieved and it’s dumb to think that means anything about their attitude to security.
@@gludlok747 the counter messure may actualy be just as bad as the creation. hes just not going to tell you. and make you think you are safe. thats the level we are at here.
Although I find this technology somewhat frightening. I am much more concerned with the fact that I never knew it existed to this point. The best way to protect yourself is to become educated on the topic. That is why I hope LTT continues to come out with great videos teaching us about nefarious methods an individual might use in the tech sector.
If education actually solved problems we wouldn't have them. The internet's been around for almost 3 decades but humanity is less educated than ever. They fall for the most obvious scams. Do you know how many times I have to tell my family not to do certain things on a computer/phone? They still don't understand not to immediately trust what they see.
Pessimism is a better protection than trying to learn about all the different ways life can screw you over. Case in point, the guy who made this said there's many easier ways that are constantly being used. These methods are rare.
you can't protect yourself. its out there
@@housemouseshorts Living the rest of my days out in the woods becomes a more enticing option with every passing day.
I get that mike is on the up and up... but when they said he made a cable to detect malicious cables... I got some very "we created a disease to sell an antidote," vibes
"Get a data blocker."
And then these things start being made to imitate the look of popular data blockers, if they haven't already.
I assume there is a new focus on cybersecurity over at LTT after the recent hack... good to see more content making that world more accessible in a responsible way. I studied academic Philosophy and the depth of the conversations around the cybersecurity world about code, ethics, and best practices is in the company of the deepest conversations I've ever ran across. Maybe LTT should talk to Steve Gibson over at the Security Now podcast.
As much as I hate hearing what people are creating for less than honorable purposes, I do appreciate video's like this to inform the general public.
I really wonder why someone would create something like this
Incredibly terrifying. Glad you put orange on the scary cables.
Awesome video, I was just looking at this a month ago.
I thought about something like this the moment I started seeing "public use" cables/charging stations in airports, malls ect. and kept always bringing my own cable and brick. Friends and family said I was paranoid/crazy, to them I smugly tip my tin foil cap 😏
Oddly reminds me of the early days of free wifi access points at places like coffee shops etc and my warning to friends / family of how numerous the ways were that they can be malicious
Wait til they start replacing the power plugs then you screwed
I feel like these are probably similar to credit card skimmers. They are probably pretty abundant but the chances that we as an individual will encounter one are low.
@@mikemcmike6427 hence the adapters for power only that block the data channels on the cords
The odds of someone using this on random nobodies at the airport is REALLY low.
While every other big UA-camrs are going to give its viewers same content at the same time, Linus always make a way for him by differentiating his content from others. Love you man!
The Malicious Cable Detector should have a "Destroyer" companion. I wonder how that cable would handle 30V 🤔
As an excellent comic pointed out, the real way bad actors get your passwords isn't hacking the mainframe and breaking the 2048-bit encryption blah blah blah, it's more like they phone you and say "hey this is Bob the password inspector" and bada-bing bada-boom
Love network security content definitely want more of this kind of content!!
the worst thing about this seems to be the fact that these cables are unmarked. amazon sellers could easily have some of these mixed in with a generic product
Ding, Ding, Ding. Shared product bins is already an issue beset with with counterfeit knockoffs. The fact this exists at all should be a crime, and if not the engineers responsible should be mandated to carry liability insurance to cover any damages resulting from their product being used by anyone that's not a white hat.
Or someone could buy legit cable, replace it with one of those, and return it. Scarry but possible...
@@reahreic7698 i feel like you're reaching a bit. This thing is only effective if the person who wants to use it is able to get close to the person. So what are they going to mix it in with legit cables and pray they get it sent to the person they want to attack?
@@altokers that and the cost would be astronomical
Dont buy stuff from amazon
Man, I think this could be a real threat on university campuses. Drop one of these in the library or computer lab. Heck, just plug it in to a computer and leave it. You'll have hundreds of passwords and log in info by the end of the week. Put one of the go betweens on a uni keyboard and people could do all kinds of damage.