I wouldn’t give this cable to my worst enemy – O.MG Cable

The Rubber Ducky? Basic. The Flipper Zero? Child’s play. This is the O.MG Cable, a stealthy, powerful hacking tool that allows the attacker to log your keystrokes, access your device, and emulate both keyboard and mouse movements. It's priced accessibly for the average consumer, and could be used to juice jack your phone or laptop. How do you protect yourself from such a device?

Big thanks to the following creators for their code: I-Am-Jakoby, atomiczsec

MUSIC CREDIT
—————————————————
Intro: Laszlo – Supernova

Outro: Approaching Nirvana – Sugar High

Intro animation by MBarek Abdelwassaa
Monitor And Keyboard by vadimmihalkevich / CC BY 4.0  
Mechanical RGB Keyboard by BigBrotherECE / CC BY 4.0
Mouse Gamer free Model By Oscar Creativo / CC BY 4.0

CHAPTERS
—————————————————
0:00 Intro and Features
3:43 Data Infiltration and Exfiltration
4:45 Getting around passwords
5:56 Extended Data Exfiltration
6:57 Self Destruction
7:51 DANGER! (Protect Yourself)
10:15 Why is this allowed?
11:46 Conclusion

admin2

69 Comments

Nicolai Cornelis

As someone who recently sat awake all night, naked, trying to log someone else out of their YouTube account, I’m sure Linus loves that this tool exists.

    Richie QS

    🍓🍓🍓

    Duckers0

    Well done

    Toxic Neko

    I hope the being naked part was needed for logging out

    Dr_b_

    @Toxic Neko it was needed for logging

MrGallbladder

To be fair, flipper zero already looks like a happy meal toy.

    Josh Olsen

    And it can be used as a Bad USB device. Not exactly stealthy, but tucked behind a desktop computer tower it would totally work.

    Simon Bauer

    you finally wake up to what was already possible years ago.

    SG

    When I first saw the Flipper Zero, I thought it was some sort of Tamagotchi and fidget toy combined….

    CepheusClips

    Yeah, but considering that this cable is about $120 and the Flipper zero costs about $400, I’d say that already makes the flipper zero a no go for most nefarious actors.

David Damasceno

Not sure if there is a phobia name for “fear of cables” but I’m sure we’re gonna need one.

    ChillingSpree

    Give it a year and it’s going to become an officially recognised condition

    hubertnnn

    It’s called Apple.
    Though it could just be phobia of mini-jacks

    MotoDash1100

    Cablaphobia

    Pronounced Kay-blah-phobia

    Rasmus Pedersen

    I’m just glad I decided to keep those 2 boxes full of cables for the last 20 years of my life!
    … who am I kidding, it’s more like 4 crates.

    flameshana9

    @MotoDash1100 I lol’d. Thank you.

DoubleSmackJack

Our company’s IT group does bi-annual “USB thumb drive left in the parking lot” tests and our staff has failed for the last 5 years LMAO this cable is definitely the least of their problems.

    SirOjCrank

    it sort of sounds like this cable would be exactly the kind of attack your company is vulnerable to though based on the history you gave

    Jio Derako

    @SirOjCrank Why spend $100+ on an attack cable when the company can be infiltrated with some $5 USB sticks, is the point I think they were trying to make 😛

    Fermitu Poupon

    I worked for a chemical company on a project and all of the production control machines were air gapped, used PS2 keyboard and mouse and had all of their USB ports stuffed with hot glue.
    Transferring data to those machines was done with special “data caddies” which were basically USB drives with a non-standard connector.

    Truth Does Not Exist

    if they start writing people up and cutting pay and benefits every time they fail the test they will gain IQ points real quick

Scoreless Pine

I almost worry that people are going to try and slip these into things like Ebay or Amazon listings or returns, they look good enough to be official and nobody would think twice about using the charging cable that came in the box with their new phone.

    General Nickles

    Yeah, but anyone trying to save money by buying a phone on eBay probably isn’t rich enough to be a worthy target of such an attack. It would largely be a waste of the attacker’s time and money more often than not.

    Khronogi

    ​@General Nickles I disagree. Scammers gonna scam.

    beerfarmer

    You didn’t check the price of the cable. Don’t be stupid, no scammer will spray and pray with it.

    Oryx Land

    @Khronogi It’s $120 USD, no scammer is going to pay that much in the hopes that some random person will use it and have anything worth stealing. Scammers succeed by casting a wide net that doesn’t cost them much if anything, like phishing emails, not by spending over $100 per target.

Pinka

At this point I’m 99% convinced these security videos are the LTT equivalent of security awareness training after the hack.

    KaotixMusic

    To be fair he talks so much about computers, but very rarely talks about cyber security. I do cyber security on the side and people find it so scary how easy it is to hack anyone today. Security went the opposite, it never got better…it got way worse.

    CYKO

    at least this doesn’t have the soulless corporate jingle

    Tice Nits

    It’s shilling, these are all just thinly veiled advertisements for products

    Daniel Ferreira

    @Tice Nits “shilling” he says. Yeah I love shilling for security knowledge. STAY SAFE GUYS, I’M BEING PAID TO TELL YOU IMPORTANT INFORMATION

levylok333

Thank you for teaching us about things like this! I’m a computer salesman, and a lot of people come to me with cybersecurity and ask for my knowledge. So when it comes to things like these, you said it first, it’s better to know about it as early as possible to prevent people from having these encounters.
Have a nice day
Levy

    Alex Merand

    couldn’t agree more

Vagner Couto

This is just plain dangerous. Thanks techies for making my day less anxious and safer.

    oldtools

    You’re welcome. As consolation, you don’t need to be afraid of hackers trying to compromise your systems until you have data worth stealing. Are your memories safe? I sell zero-day exploits on bug-bounty forums. Secure your bad ideas and protect the future of disinformation.

Jesse Braughler

Always cool to see LTT do a more simplified overview of HAK5 tools. Might be cool to see a cybersec spinoff channel so a bigger channel like yours can help spread awareness.

Jedi Guy

As someone who works in a large company IT department, Mike has a good point, most cyber criminals don’t need to go through that kind of hassle. It’s staggering, the amount of people (who swear they didn’t click anything) who get their work computers infected that I have to pull, wipe, and re-image. Our company cyber security team also sends out test phishing emails randomly and it always catches people.

    Siddharth

    what’s to say the sheer ready availability of it won’t be exploited? I mean it’s like an open invitation … just plant a few cables in buses, cars, Ubers, stations etc., and some random commoner will plug it in and there goes his life savings… what about such cases? we often do most of our transactions from the phone either way, could disable notifications and make transactions while we are unaware…

    TheManelich

    it’s like stopping a boat made of Swiss cheese from sinking there will be always someone doing the wrong thing at the wrong time.

    tzxazrael

    “I DIDN’T CLICK NOTHIN!!”
    …”Sir, I am right here beside you. I just watched you click seven different things just because they had blinky pictures.”
    “I DIDN’T CLICK IT!”
    …”Sir, I can -hear- your mouse clicking.”

    dragoslove

    I know better and accidentally clicked a phishing link recently. Fortunately it only went to a fake login page and didn’t download anything, but it was a pretty scary couple minutes.

Ministry Of Geeks

If some random coder dude is releasing these at a reasonably accessible price, you can bet these have already been around for a while in a more secretive manner. Governments and other various agencies have likely been using these for years. At least now the public is aware that these are, in fact, a real tangible thing.

    W B

    Yeah in my eyes what this guy is doing is making this accessible to security researchers and pen testers so companies etc can figure out how to defend themselves from it, rather than really creating a new attack vector or anything of the sort

    MCSteve

    Yes this type of device has existed for many years, the company behind the usb rubber ducky has been around since 2005. Awareness is just bad, they’ve clearly made their point to the negligence of certain enforced security. In security, the biggest vulnerability to anything is physical access, with the right tools you can obtain anything. This is not just technology of course. Honest attackers are creative and sneaky who can be reasonably discouraged. Attackers with sledge hammers also exist.
    Keep your important belongings safe!

    Neavris

    The name of the NSA implant this is inspired from is called COTTONMOUTH. It was in the TAO catalog released in late 2013 iir.

SavagePro

Linus: I wouldn’t give this cable to my worst enemy
Also Linus: but whoever hacked us is an exception!

    Dakoder II

    These things are a real threat if you work in government or any medium sized and above company with access to sensitive information. Don’t trust that the cable you left in your suitcase in your hotel room when you stepped out for a minute is the same one you left there.

    Dan Lukens

    Linus: But I’ll happily give it an incredible amount of free advertising!

Struders

Wow.. “Best to learn about it now when it is expensive rather than later when it’s cheap and too late” is probably the best line from an LTT video.. like ever!

    Stan Lee

    No kidding. Even the ELITE version is ONLY $199.99, that’s CHEAP for something with such nearly limitless functionality!

    House Mouse Shorts

    It still won’t matter

Paul Pardee

The way I see it, this was always a viable attack vector. If Mike didn’t make his publicly available, someone else would be doing it in secret (and likely already has). If you don’t know a threat is out there, you can’t defend against it.

    Roshi

    @gludlok who pissed in your cheerios?

    gludlok

    @Roshi No one. Well.. not that i’ve noticed anyway. I just know bad news when I see it and I haven’t felt this uncomfortable watching an LTT video ..ever. So I responded to a comment that helped formulate what I was thinking.

    House Mouse Shorts

    @gludlok the countermeasure may actually be just as bad as the creation. He’s just not going to tell you, and make you think you are safe. That’s the level we are at here.

Wisteela

I love that he had to create a device to detect his own cables.

    flameshana9

    Totally had to. And had to sell these for a lot of money

    Wisteela

    @flameshana9 The high price keeps them out of the hands of many. Good thing.

    M G

    @Wisteela there is more truth to that than most people realize. I have several cables that were found in the wild. They are all… let’s just say very behind.

    Nezz Constantine

    Create problem, sell solution :p

    martin0499

    He made his own Kryptonite

LaczPro

Man, the ending about those getting cheaper, that gives the chills.

Love to see security content like this on the channel. It’s way more important than people think it is.

    Brian West

    Once one person does it, then the copycats will try cheaper versions, but perhaps not as full featured.

Taylor Lively

I’ve said it before, I absolutely love the security videos.. please continue to make them.

Josh

This is the LTT we need more! So tired of high end graphics card reviews. Tech tips I can use. Keep it up Linus

cheeseisgreat24

I feel like $100 per cable is already incredibly cheap for someone looking for a big payday by infiltrating some organization

    Adrian vD

    Not only that, people backward engineer this stuff all the time, so I could see a slew of people making “copies” of this tech, and it not only being cheap but unknown because they will only use it for themselves
