A charging cable hack demonstrated by Jon Bruner from Lumafield, a company that offers CT scanning solutions for businesses, explained in a post on X how tiny electronic devices can be concealed within a USB-C charging cable in such a way that they're not easily detectable
While they appear normal visually, the internal electronics of the cable have been altered to include a Wi-Fi antenna and several chips stacked on top of each other in order to provide the USB-C cable with the “brains” it would require to execute malicious activities.
A USB-C cable that had been hacked in such a manner could be capable of logging keystrokes, injecting malicious code, communicating with an attacker over Wi-Fi or even giving a hacker full access to your device. Even more terrifyingly, this small computer can be turned on or off at will by the threat actor.
Bruner’s X thread shows detailed 3D CT scans of the interior of the USB-C cable and the device, showing how the USB-C cable will still function normally, both charging devices and transferring data without any errors or other issues.
The cable was provided by researcher Mike Grover, who created the O.MG cable for security purposes. However, others with the necessary skills, supplies and technical expertise could create a similar cable and leave it in a public location in order to gather information or control devices in a similar way to the juice jacking attacks we covered last year.
How to stay safe
If you want to avoid accidentally plugging your smartphone or tablet into a hacker-controlled charging cable, the easiest and smartest thing you can do is to ensure you always bring your own cable with you. USB-C cables can be very small, so doing do won't take up that much room in your bag at all.
At the same time, you want to avoid cheap, third-party cables altogether. Instead, you want to use first party cables from Apple, Samsung or other phone manufacturers whenever possible. If you do have to use a third-party cable, make sure that it's from a reputable and well-known brand like Anker or Ugreen.
Another thing to consider is that if you just want to charge your device, using a wireless charger is a great way to avoid this problem altogether. However, your devices will charge a bit slower than they would with a wired connection.
Just like with cables, you also want to avoid using open USB ports when out in public. Hackers and other cybercriminals have started weaponizing public USB charging, so plugging your phone into a USB port at an airport or elsewhere is no longer recommended. If you're already bringing a cable, you might as well bring a charger to go along with it. GaN chargers are a lot smaller than your typical phone or laptop charger plus, they can charge multiple devices simultaneously.
When it comes to security, we often think about protecting our data and passwords as well as avoiding malware but stories like this one show that you also have to practice good cyber hygiene when out in the real world too.
