I wouldn’t give this cable to my worst enemy - O.MG Cable
Рет қаралды 2,650,291
Күн бұрынLevel up your desk game! Check out the Secretlab Magnus Desk Pro: lmg.gg/kdg6f
Play Cities Skylines FREE this weekend starting today at: lmg.gg/CitySC
The Rubber Ducky? Basic. The Flipper Zero? Child’s play. This is the O.MG Cable, a stealthy, powerful hacking tool that allows the attacker to log your keystrokes, access your device, and emulate both keyboard and mouse movements. It's priced accessibly for the average consumer, and could be used to juice jack your phone or laptop. How do you protect yourself from such a device?
Data Blocker Teardown: mg.lol/blog/data-blocker-tear...
Big thanks to the following creators for their code:
I-Am-Jakoby: github.com/I-Am-Jakoby
atomiczsec: github.com/atomiczsec
Discuss on the forum: linustechtips.com/topic/15059...
Buy an O.MG Cable from Hak5: shop.hak5.org/collections/mis...
Purchases made through some store links may provide some compensation to Linus Media Group.
► GET MERCH: lttstore.com
► LTX 2023 TICKETS AVAILABLE NOW: lmg.gg/ltx23
► GET EXCLUSIVE CONTENT ON FLOATPLANE: lmg.gg/lttfloatplane
► SPONSORS, AFFILIATES, AND PARTNERS: lmg.gg/partners
► OUR WAN PODCAST GEAR: lmg.gg/wanset
FOLLOW US
---------------------------------------------------
Twitter: / linustech
Facebook: / linustech
Instagram: / linustech
TikTok: / linustech
Twitch: / linustech
MUSIC CREDIT
---------------------------------------------------
Intro: Laszlo - Supernova
Video Link: • [Electro] - Laszlo - S...
iTunes Download Link: itunes.apple.com/us/album/sup...
Artist Link: / laszlomusic
Outro: Approaching Nirvana - Sugar High
Video Link: • Sugar High - Approachi...
Listen on Spotify: spoti.fi/UxWkUw
Artist Link: / approachingnirvana
Intro animation by MBarek Abdelwassaa / mbarek_abdel
Monitor And Keyboard by vadimmihalkevich / CC BY 4.0 geni.us/PgGWp
Mechanical RGB Keyboard by BigBrotherECE / CC BY 4.0 geni.us/mj6pHk4
Mouse Gamer free Model By Oscar Creativo / CC BY 4.0 geni.us/Ps3XfE
CHAPTERS
---------------------------------------------------
0:00 Intro and Features
3:43 Data Infiltration and Exfiltration
4:45 Getting around passwords
5:56 Extended Data Exfiltration
6:57 Self Destruction
7:51 DANGER! (Protect Yourself)
10:15 Why is this allowed?
11:46 Conclusion
@LinusTechTips Жыл бұрын
You know what else is less than the price of an LTT Backpack? A FREE weekend of Crusader Kings 3 starting May 11th. Build your dynasty at: lmg.gg/CK3CS
@justaweeb14688 Жыл бұрын
“All for less than a backpack from Ltt store” that doesn’t really give you a good idea lol
@zjemueller6643 Жыл бұрын
nope
@costafilh0 Жыл бұрын
Nah
@charlotteinjp Жыл бұрын
A while back I picked up a micro-usb charging cable in a parking lot before this really became a hot topic and considering my extensive amount of micro-usb cables I can't remember which one it is to get rid of it. Should I be worried? PS: This was like 4yrs ago
@cal298 Жыл бұрын
no
@mrgallbladder Жыл бұрын
To be fair, flipper zero already looks like a happy meal toy.
@Lord_zeel Жыл бұрын
And it can be used as a Bad USB device. Not exactly stealthy, but tucked behind a desktop computer tower it would totally work.
@SimonBauer7 Жыл бұрын
you finally wake up to what was already possible years ago.
@WiRA_Cinematic Жыл бұрын
When I first saw the Flipper Zero, I thought it was some sort of Tamagotchi and fidget toy combined....
@cepheusclips Жыл бұрын
Yeah, but considering that this cable is about $120 and the Flipper zero costs about $400, I'd say that already makes the flipper zero a no go for most nefarious actors.
@Eyeball1975 Жыл бұрын
To be faaaaiiirr.
@PinkDreemurr Жыл бұрын
At this point im 99% convinced these security videos are the LTT equivalent of security awareness training after the hack.
@Kaotix_music Жыл бұрын
To be fair he talks so much about computers, but very rarely talks about cyber security. I do cyber security on the side and people find it so scary how easy it is to hack anyone today. Security went the opposite, it never got better…it got way worse.
@cyko5950 Жыл бұрын
at least this doesnt have the soulless coporate jingle
@ticenits1926 Жыл бұрын
It's shilling, these are all just thinly veiled advertisements for products
@crackdog1914 Жыл бұрын
@@ticenits1926 can you shut up please? no one wanted your input.
@DanielFerreira-ez8qd Жыл бұрын
@@ticenits1926 "shilling" he says. Yeah I love shilling for security knowledge. STAY SAFE GUYS, I'M BEING PAID TO TELL YOU IMPORTANT INFORMATION
@RuiSilva450 Жыл бұрын
Mike created the perfect ecosystem. 1. Create the problem 2. Create the solution 3. Profit
@gabeherath9718 Жыл бұрын
Would be somewhat tempted to plant a cable that just opens notepad and warns against using random cables if not for the price.
@_____alyptic Жыл бұрын
That would be hilarious if you could catch someone's reactions
@LonneLpp Жыл бұрын
Plant a cable that opens a notepad to warn against random cables & in the background have their webcam open proceeding to download the short video file of them reading that; finally opening the video to themselves reading. This would be a SHOCKER and great content hahaha
@kennythompson9682 Жыл бұрын
@@_____alyptic Make the first line _"SAY CHEESE!"_ and make it take a picture with flash and shutter sound on and send you the picture 🤔😂
@AlexVanChezlaw 11 ай бұрын
That's very reddit of you, have some gold stranger!
@nicolaicornelis2853 Жыл бұрын
As someone who recently sat awake all night, naked, trying to log someone else out of their KZbin account, I'm sure Linus loves that this tool exists.
@richieqs7789 Жыл бұрын
🍓🍓🍓
@duckers0123 Жыл бұрын
Well done
@ToxicMothBoi Жыл бұрын
I hope the being naked part was needed for logging out
@Dr_b_ Жыл бұрын
@@ToxicMothBoi it was needed for logging
@B3RyL Жыл бұрын
I'm pretty sure that's the reason he's doing a video on hacking tools in the first place. Awareness of the threat is the first step to combating it.
@wisteela Жыл бұрын
I love that he had to create a device to detect his own cables.
@flameshana9 Жыл бұрын
Totally had to. And had to sell these for a lot of money
@wisteela Жыл бұрын
@@flameshana9 The high price keeps them out of the hands of many. Good thing.
@O.MG-MG Жыл бұрын
@@wisteelathere is more truth to that than most people realize. I have several cables that were found in the wild. They are all… let’s just say very behind.
@NezzConstantine Жыл бұрын
Create problem, sell solution :p
@martin0499 Жыл бұрын
He made his own Kryptonite
@Samanthayeoqy Жыл бұрын
I would much prefer someone selling it publicly versus them selling it privately. The flipper and OMG cable is making it known that this could happen and we could learn to defend ourselves. Way better than not knowing till after the fact.
@evolicious Жыл бұрын
They are not a real threat regardless. Just pen testing toys for basic netsec education.
@MotoX2official 5 ай бұрын
Realistically nobody is going to go through that much effort for a normal persons info, this would be much more useful to use against companies
@the_undead 4 ай бұрын
People who despise these devices existing don't understand how dangerous this kind of stuff is or physical security for that matter, there are attacks that have existed for over 70 years (and when I say have existed I mean there is absolutely no way the manufacturer did not know for that amount of time) that are still absolutely doable on relatively high-end locks today. The design flaws that allow these kinds of devices (mostly the flipper zero but the omg cable a little) will not be patched if there is not outrage at the design flaw
@JigglypuffTutorials Жыл бұрын
Can totally see in a few years amazon or ali express being full of cables like this if these exploits aren’t taken care of. Maybe O.M.G is doing the right thing.
@bcostin Жыл бұрын
Unless Amazon cleans up their sloppy practices that's definitely going to happen. It probably is already happening.
@variablenine Жыл бұрын
Not just online shopping but I could see this getting planted in places like gas stations as well. Scary stuff.
@hollytaylor5327 Жыл бұрын
By providing the threat? The link is in the description. The hypocrisy no one is seeing is astounding.
@variablenine Жыл бұрын
@@hollytaylor5327 better to make something like this, be open to everyone about how it works and let it be researched than for someone else to make this with terrible intentions and blindside tons of businesses
@Outwardpd Жыл бұрын
@@hollytaylor5327 They make these products for actual security testing purposes as they explained in the video. But yes by making them generally available you're putting the threat out into the real world which means companies are forced to take the threat seriously. Besides you can't just buy these and go on a crime spree, even buying these products absolutely puts you on a list.
@jediguy634 Жыл бұрын
As someone who works in a large company IT department. Mike has a good point, most cyber criminals don't need to go through that kind of hassle. Its staggering at the amount of people (who swear they didnt click anything) get their work computers infected that i have to pull, wipe, and re-image. Our company cyber security team also sends out test phishing emails randomly and it always catches people.
@alexoja2918 Жыл бұрын
I find it very hard to get a work computer infected with anything, can't do shit anymore 😂
@TheManelich Жыл бұрын
it's like stopping a boat made of Swiss cheese from sinking there will be always someone doing the wrong thing at the wrong time.
@tzxazrael Жыл бұрын
"I DIDN'T CLICK NOTHIN!!" ..."Sir, I am right here beside you. I just watched you click seven differnt things just because they had blinky pictures." "I DIDN'T CLICK IT!" ..."Sir, I can -hear- your mouse clicking."
@dragoslove Жыл бұрын
I know better and accidentally clicked a phishing link recently. Fortunately it only went to a fake login page and didn't download anything, but it was a pretty scary couple minutes.
@OriflammeGaming Жыл бұрын
I had a laptop that was in the middle of being reimaged and got infected 💀 Defender caught it but it was strange nonetheless. Mimikatz.
@DoubleSmackJacksSmackAttack Жыл бұрын
Our company's IT group does bi-annual "USB thumb drive left in the parking lot" tests and our staff has failed for the last 5 years LMAO this cable is definitely the least of their problems.
@Secret_Takodachi Жыл бұрын
sounds like your company is a PRIME cable target. People still plugging in random USBs is a "HUGE STUPIDITY HOLE" If they're that vulnerable to USB infiltrations I'd honestly feel very confident that if I dropped a little over a grand on ten of these in your company parking lot I could make 100x time my money back through a combination of personal blackmail & company hacks. but hey im just a ten year old kid or a 40 yo virgin trying to sound mean and scary right? yeah probably i mean... more than likely? or maybe.... lol this sh*t isn't hard or expensive (relatively) its just obscure. Once you understand the principles the primary limits are your own creativity and ethical standards.
@JiorujiDerako Жыл бұрын
@@Jake420 Why spend $100+ on an attack cable when the company can be infiltrated with some $5 USB sticks, is the point I think they were trying to make :P
@fermitupoupon1754 Жыл бұрын
I worked for a chemical company on a project and all of the production control machines were air gapped, used PS2 keyboard and mouse and had all of their USB ports stuffed with hot glue. Transferring data to those machines was done with special "data caddies" which were basically USB drives with a non-standard connector.
@truthdoesnotexist Жыл бұрын
if they start writing people up and cutting pay and benefits every time they fail the test they will gain IQ points real quick
@sgtkabukiman9411 Жыл бұрын
So, where do you work? Kidding. Saw a man in the street thing where they offered people candy for their workstation password. So many just handed it over no probs.
@yusinwu Жыл бұрын
"We'd better off learn about now while it's expensive, then later when it's cheap and it's too late." Well said, so well said
@theairaccumulator7144 Жыл бұрын
China has already reversed this from the day it came out, we'll see $10 versions in a few months.
@evolicious Жыл бұрын
lol, no. These sorts of tools can be made for $10. It's been cheap for years. It's not a real threat becasue these tools are not useful for actual targeted attacks.
@evolicious Жыл бұрын
@@theairaccumulator7144 It's been $10 for years already. Look at what Arduino offers, lol.
@yusinwu Жыл бұрын
@@theairaccumulator7144 these Chinese stuff works but they usually don't come with comprehendible docs, so I guess we're fine for now
@asj3419 Жыл бұрын
The NSA apparently had these back in 2008 (according to the ANT catalog leaked in 2013). COTTONMOUTH-I was a device that could load malware and act as a wireless bridge (for subverting airgaps) while being disguised as a regular USB cable connector. The price for making these things must have a dropped a bit, since the listed unit price was 20 300 USD.
@andorexurix2491 Жыл бұрын
It's expected for intelligence agencies to have access to these and more. But for normal people to, this is gonna be interesting to watch unfold.
@ErikTheAndroid Жыл бұрын
Security is one of the few fields where "spreading awareness" is actually a valid and worthwhile thing. These attacks exist whether we like it or not, so it is better to know about them so we can defend against them.
@paulknight5018 Жыл бұрын
Its also a field that can't be measured you cannot tell how many attacks awareness prevents.
@Felamine Жыл бұрын
My work CONSTANTLY reiterates never using the same password for your personal accounts as for your work accounts, to never giving your work passwords to phishers, to never using your work email to sign up to shady sites. Yet employees continue to do it.
@evolicious Жыл бұрын
100%. The only real attacks are social engineering. Remote hacks and such are hollywood tropes.
@caelestigladii Жыл бұрын
@@FelamineClearly not a problem with the “law” then.
@GRBtutorials Жыл бұрын
Few? What fields are there where spreading awareness is bad?
@cheeseisgreat24 Жыл бұрын
I feel like $100 per cable is already incredibly cheap for someone looking for a big payday by infiltrating some organization
@adrianvd6940 Жыл бұрын
Not only that, people backward engineer this stuff all the time, so I could see a slew of people making "copies" of this tech, and it not only being cheap but unknown because they will only use it for themselves
@moji3812 Жыл бұрын
Yeah
@chiranjeevsahoo4960 Жыл бұрын
not just for an organization, but for an average joe with a vendetta as well. It may be expensive for throwing it on the road or using it for general attacks like in a hotel. It's perfectly viable for a targeted attack. I can see a disgruntled ex slipping it in.
@horntx Жыл бұрын
Sending an email costs 0$ though and is more likely to work, less likely to be traced back to you (if you know what your doing), and is likely to give you more access. Walking out with a computer or hard drive costs 0$ and is more likely to work and much less skilled, and if you are vulnerable to physical attacks someone could pull it off. Plugging in a normal keyboard costs 20$ and while there are some things you can't do with it, (remote connection) you could still do damage. I love it when LTT covers these tools because they are fun to play with. But I am much more worried about phishing as an attack vector than physical attacks with tools like this. These tools are not going to shift how we defend networks because they are simply slightly flashier more advanced versions of existing threat vectors.
@kebien6020 Жыл бұрын
Yeah, but sending a couple hundred of phishing emails and text messages is cheaper, easier and safer for the attacker. (safer in terms of remaining anonymous). You'll only get to the fancy stuff, like physically infiltrating the place and leaving a malicious cable lying around, once all of the boring and cheap stuff is exhausted.
@secret-alias Жыл бұрын
This sounds like a stress test that went on at LMG where they planted a cable that got used and then there would've been a seminar around 'security in the workplace', followed by 'That would make a great video' 😂😂
@hehebruh893 Жыл бұрын
Mike creating a problem and also providing a solution is a genius way to sell stuff
@itsyaboikirbo Жыл бұрын
doesnt get more textbook than that, well played to him
@sctsmith Жыл бұрын
That's the governments way.
@silent-killer429 Жыл бұрын
Still a pos
@castform57 Жыл бұрын
Technically it could be classified as racketeering, but there are some qualifiers for that.
@Ikxi Жыл бұрын
Well, it's just a detector. Not a full blocker, so, no solution really lol Could still just instantly execute scripts.
@bobthebuilder7059 Жыл бұрын
2:43 I appriciate the editor using different TF2 payloads as a way to show it can carry multiple.
@nika_0 Жыл бұрын
THE CART IS SUPPOSED TO GO *FORWARD!*
@bobthebuilder7059 Жыл бұрын
THE CART IS REACHING THE FINAL TERMINANCE!
@manitoba-op4jx Жыл бұрын
MEDIC!
@aircatredstang9006 Жыл бұрын
GET TO THE CART MAGGOTS!!
@HeroRareheart Жыл бұрын
Who's not pushing ze cart? I want the names!
@Neavris Жыл бұрын
The name of the NSA implant this is inspired from is called COTTONMOUTH. A USB cable with wifi remote control in the type-A end. It was in the TAO catalog released in late 2013 iir.
@xenostim Күн бұрын
WHAT this is awesome. thank you, non-descript commenter
@Jessie3985_ Жыл бұрын
I love that the creator had to make a malicious cable detector lol
@Grot3sque Жыл бұрын
15 years ago my brother warned me about this stuff.. Ever since i've never used public charging and only use my own brick and cable xD sometimes a brother with a tinfoil hat is a good thing. Miss him tho
@Secret_Takodachi Жыл бұрын
its the worst part about being a cynic. You don't want to be right. But you know you are. Your brother sounds like a wise man. As someone with 3 younger brothers to protect (even if they don't realize they still need it) you have my respect from one brother to another.
@jarryjackal3827 Жыл бұрын
@@Secret_Takodachi if his brother said that 15 years ago he isn't wise. Its probably the first thing that came true that he said.
@GasquatchGutty Жыл бұрын
@@jarryjackal3827 your comment is just as presumptuous as the one you’re criticising
@peachulemon Жыл бұрын
I wonder how much data can be transferred when just charging? Android phones ask before data transfer over usb would that not prevent some of from accessing data?
@Sonar90 Жыл бұрын
@@jarryjackal3827 hacking has been around far longer than the early 2000s. Just cause a method is widespread enough to get onto LTT now doesn't make it new. Don't you remember those good ol days when they warned ya not to put strange CD's into your disk drive, or those sketchy floppies with some guys sick new beats from the subway?
@Neoxon619 Жыл бұрын
And that’s why I always carry my own cables. If anything, this video couldn’t be timed better since I’m headed downtown for the day & had to pack some chargers.
@danyal_assi Жыл бұрын
Toileg
@josephcronin2965 Жыл бұрын
I like how you say"against"
@itIsI988 Жыл бұрын
@@danyal_assi Ratio
@josephcronin2965 Жыл бұрын
Wow with that price it may make him a lot of money
@Ladioz Жыл бұрын
Why bother taking electronic devices with you? Go there without them, keep them at home. You'll be 100 times happier
@zigzatuzoo Жыл бұрын
I'm glad your covering this. I saw these and picked one up at DefCon last year and have been messing around with it, it's a GREAT Red Teaming tool, especially if it's more than just a single day op. You can either connect it yourself or leave/swap it on a desk when your doing a "scheduled unscheduled audit" or something similar. (I'm a professional pentester not just breaking into tech companies without permission)
@uplink-on-yt Жыл бұрын
One day we'll encrypt USB with keys that we upload to devices ourselves. Setting up a keyboard, mouse, USB stick, etc. will become crazy complicated just to keep bad guys out. And they'll still find a way.
@Checkmate_Edits Жыл бұрын
"It makes flipper zero look like a happy meal toy" For some reason I can't even explain why I laughed so hard there 😂
@smartydude727 Жыл бұрын
Lol me too
@WSAnderson Жыл бұрын
.... because the flipper zero DOES look like a happy meal toy? I don't think the cable has anything to do with that...
@FlyboyHelosim Жыл бұрын
Flipper Zero does already look like a Happy Meal toy though. LOL
@EdgyShooter Жыл бұрын
The video says uploaded 1 hour ago with your comment being made two hours ago 😅
@Checkmate_Edits Жыл бұрын
@@WSAnderson Exactly LOL
@daviddamasceno6063 Жыл бұрын
Not sure if there is a phobia name for "fear of cables" but I'm sure we're gonna need one.
@hubertnnn Жыл бұрын
Its called Apple. Though it could just be phobia of mini-jacks
@MotoDash1100 Жыл бұрын
Cablaphobia Pronounced Kay-blah-phobia
@nightyk6 Жыл бұрын
I'm just glad I decided to keep those 2 boxes full of cables for the last 20 years of my life! ... who am I kidding, it's more like 4 crates.
@flameshana9 Жыл бұрын
@@MotoDash1100 I lol'd. Thank you.
@dassault7618 Жыл бұрын
@ChillingSpree give it two and it’ll be another gender lol
@sorianodan Жыл бұрын
New fear unlocked, thank you linus!!
@epicdrew1634 Жыл бұрын
Please do more videos like this, so people can learn more about it.
@evolicious Жыл бұрын
It's misinformation based on a bad understanding of real world netsec, and shilling to sell a product. LTT are the last people to give out netsec advice.
@LaczPro Жыл бұрын
Man, the ending about those getting cheaper, that gives the chills. Love to see security content like this on the channel. It's way more important than people think it is.
@brianwest2775 Жыл бұрын
Once one person does it, then the copycats will try cheaper versions, but perhaps not as full featured.
@chiranjeevsahoo4960 Жыл бұрын
It's not viable for general attacks but perfectly viable for a targeted attack. If someone wants to harm you they will harm you, money is not a problem for those cases.
@evolicious Жыл бұрын
These devices pose zero threat in the real world. Don't buy into LTT's fear mongering. They are selling a product.
@evolicious Жыл бұрын
@@brianwest2775 Devices like this have been $10 for years, it's nothing special or new. They are useless in the real world.
@evolicious Жыл бұрын
@@chiranjeevsahoo4960 Targeted attacks need to be far more sophisticated for a remote attack. Anything worth while is going to need a physical compromise to be worth using a remote tool. Which is pretty much non-existent for years already.
@ScorelessPine Жыл бұрын
I almost worry that people are going to try and slip these into things like Ebay or Amazon listings or returns, they look good enough to be official and nobody would think twice about using the charging cable that came in the box with their new phone.
@GeneralNickles Жыл бұрын
Yeah, but anyone trying to save money by buying a phone on ebay probably isn't rich enough to be a worthy target of such an attack. It would largely be a waste of the attackers time and money more often than not.
@Khronogi Жыл бұрын
@@GeneralNickles I disagree. Scammers gonna scam.
@beerfarmer1828 Жыл бұрын
You didnt check the price of the cable. Dont be stupid, no scammer will spray and pray with it.
@GeneralNickles Жыл бұрын
@@Khronogi yeah, but scam what, though? If they put ransomware on some random middle schmuck's computer, then said schmuck would probably just go get a new computer. Stealing banking credentials isn't gonna accomplish much, because they probably don't have much to steal in the first place. It would almost always end up being a waste of time and money.
@oryxland3994 Жыл бұрын
@@Khronogi It's $120 USD, no scammer is going to pay that much in the hopes that some random person will use it and have anything worth stealing. Scammers succeed by casting a wide net that doesn't cost them much if anything, like phishing emails, not by by spending over $100 per target.
@Josh20777 Жыл бұрын
These kind of videos are great! Really interesting and genuinely helpful! Keep them coming
@David-mw8vr Жыл бұрын
i have 2 of these. glad to see hacking tools recent in videos. love it
@savagepro9060 Жыл бұрын
Linus: I wouldn’t give this cable to my worst enemy Also Linus: but whoever hacked us is an exception!
@KrillinInTheNameOf Жыл бұрын
Linus: But I'll happily give it an incredible amount of free advertising!
@alexturnbackthearmy1907 Жыл бұрын
@@KrillinInTheNameOf So you prefer to be NOT informed and caught in panic wave or be the victum when shit hits the fan?
@KrillinInTheNameOf Жыл бұрын
@@alexturnbackthearmy1907 I'm not sure what this has to do with being opposed to him promoting actual products. He could warn people about the risks of these types of devices without showing every wannabe hacker exactly where to get a product like this.
@Lizlodude Жыл бұрын
@@KrillinInTheNameOf I mean I searched for "hacking USB cable" and got the OM.G and Ninja as the first results, with a public storefront, so I don't think that barrier to entry is really valid.
@210Artemka Жыл бұрын
0:46 "All for less than a price of a backpack" A 250$ backpack!
@REAL-UNKNOWN-SHINOBI Жыл бұрын
A backpack that may or may not still have no warranty.
@nsevv Жыл бұрын
lifetime warranty?
@crimsonkarma13 Жыл бұрын
the rubber ducky, omg cable, and flipper are amazing items. they are really cool
@neobscura Жыл бұрын
I knew about most of this but the take away at the end (better to learn about it now, than too late) makes this video a goodie.
@levylok333 Жыл бұрын
Thank you for teaching us about things like this! I'm a computer salesman, and a lot of people come to me with cybersecurity and ask for my knowledge. So when it comes to things like these, you said it first, it's better know about it as early as possible to prevent people of having these encounters. Have a nice day Levy
@alexmerand288 Жыл бұрын
couldnt agree more
@noth606 Жыл бұрын
People are dumb, it can't be fixed... I could grab a USB stick, load up an autorun attack tool on it, and almost everyone would pick it up off the street and plug it in. By making it throw a popup saying it's not compatible and to try another computer I could get them to infect everything they have access to. I'm in IT and security now, because I used to wear a different hat before and know how it's done, there is a near infinite mountain of attack vectors to use and the way to protect against them is isolation mostly.
@JamesTM Жыл бұрын
My biggest worry about these is how easy it is to inject fake or knock-off items into Amazon's listings or inventory. It's entirely plausible that an attacker could mock up a few of these to look like some reputable brand and then sell them on Amazon to unsuspecting people. I've gotten fake stuff from "Ships and Sold by Amazon" listings, so it's not just a matter of avoiding dodgy listings. Too expensive to be worth it now? Probably. But that won't last long.
@flameshana9 Жыл бұрын
People are saying the chips only cost a dollar. So there's nothing to stop them from it.
@housemouseshorts Жыл бұрын
allready made its way into best buy disgused as legit products. People buy a real one. replace it with this then return the product to the store.
@nobodynoone2500 Жыл бұрын
@@flameshana9 Pretty sure its just an esp32 or something.
@Souchirouu Жыл бұрын
I expect that someone like Apple or Samsung don't make their own cables in house. If the company they buy these from wanted they could include cables like this with every smartphone these companies sell. Then wait until their cables are everywhere or until they are found out and then ransom every device.
@TheNpcNoob Жыл бұрын
@@Souchirouu Thank you for that idea…
@philtkaswahl2124 Жыл бұрын
"Get a data blocker." And then these things start being made to imitate the look of popular data blockers, if they haven't already.
@daniel_petrica Жыл бұрын
Love paradox games, I totally recommend them and loved this sponsor
@Struders Жыл бұрын
Wow.. "Best to learn about it now when it is expensive rather than later when it's cheap and too late" is probably the best line from an LTT video.. like ever!
@StreetPreacherr Жыл бұрын
No kidding. Even the ELITE version is ONLY $199.99, that's CHEAP for something with such nearly limitless functionality!
@housemouseshorts Жыл бұрын
It still won't matter
@myhandlewastakenandIgaveup Жыл бұрын
I will be bringing both my own charging brick and cable everywhere going forward. The world is getting scary.
@I_am_a_coder Жыл бұрын
No I don't fucking care
@resneptacle Жыл бұрын
Always has been
@xwiick Жыл бұрын
@@resneptacle yup nothings really changed just method
@Call_Me_David Жыл бұрын
@@xwiick Yep. They've been warning about using public USB charging stations for almost as long as they've been a thing.
@CraftingCake Жыл бұрын
Android phones block data transfer until you explicitly allow it. Unless you’re running Stone Age Androids, I don’t see an issue.
@LegendRed01 Жыл бұрын
Glad stuff like this keeps me working
@stoneridgezutt5088 Жыл бұрын
super glad linus tech tips is reviewing hacking tools or at least bringing attention to them.
@chalor182 Жыл бұрын
Juice jacking is an absolutely perfect hacking term in the classic style. Reminds me of phone phreaking
@leodellore5360 Жыл бұрын
It is a nuclear bomb
@danyal_assi Жыл бұрын
Toilet
@hman6159 Жыл бұрын
Yes
@DamyanTanev Жыл бұрын
Валидно
@largewallofbeans9812 Жыл бұрын
fish
@zaneandre6387 Жыл бұрын
Ka-boom!
@IGN_OFFClAL Жыл бұрын
I get that mike is on the up and up... but when they said he made a cable to detect malicious cables... I got some very "we created a disease to sell an antidote," vibes
@stepanpilar4105 Жыл бұрын
Thanks for the video as a wake up call. I knew that plugging in any usb device or flash drives found on the street would be a dumb thing to do. But I had no idea until now, that even just a cable can be malicious. They always seemed really benign to me.
@ThisMarv Жыл бұрын
In regards to juice-jacking, I miss the micro USB cables we had at Google, by default they were charging only and had a physical switch to enable the data lines of the cable if you needed to transfer data. Sadly they never made USB-C versions
@sylviam6535 Жыл бұрын
There are type A charge only USB adapters. You could use one of those with a tape C to type A adapter. You’ll probably lose charging speed, but at least you can use it in an emergency.
@andybrice2711 Жыл бұрын
It occurs to me that using USB for charging, data, and input is actually quite a security flaw. I know some large companies just disable USB drive support on all computers. Now I see why. Perhaps SD cards are actually safer, because they can only be storage.
@sylviam6535 Жыл бұрын
@@andybrice2711 - It’s more serious than data. USB is a bus, just like the PC Express bus, which means that it can add devices to your PC.
@florentcastelli Жыл бұрын
@@sylviam6535 Having a single button is way more convenient than having to add / remove the "USB condom" (as some call it) each time you want to toggle data on or off. I miss those cables too!
@sylviam6535 Жыл бұрын
@@florentcastelli - I am not sure that a physical switch would work on USB type C. They would probably need to insert a chip to deal with the additional complexity.
@festro1000 Жыл бұрын
Juicejacking makes sense considering the term juice is synonymous with power; leaving a "charger cable" at a diner would be a really effective means of attack especially if the victim believes that cable is the only means of keeping their device charged. Take a McDonalds near our location for example, they have only one seat adjacent to an outlet, if an inconspicuous cable is just sitting there and their phone is about to die chances are they aren't going to spend the time to dig around for their own cable (if they have one).
@vladislavkaras491 Жыл бұрын
Did not expect that for a cable. Thanks for the video!
@ihatemylifew.g29 Жыл бұрын
I really like the channel I like the way you explain everything it's really cool! Thank you
@CarputingYT Жыл бұрын
I never thought we'd need this, but here we are - I think "Plug and Play" in Windows needs to be updated to have some sort of hardware security or something, god knows how that could ever be figured out, goodluck Microsoft
@danyal_assi Жыл бұрын
Toilet
@juubilo1509 Жыл бұрын
@@danyal_assi stop spamming, you arent funny
@heyspookyboogie644 Жыл бұрын
It’s not possible. A computer is useless without some way to interact with it. If a person can interact with it, then anything that emulates a person interacting with it can too. The best that can be done is a cat and mouse game trying to detect exploits, etc. but that will never stop someone being able to go to a website and download software or run software written on the machine itself.
@gredystar8333 Жыл бұрын
I mean, it would be nice to have the option. but on the other hand, these devices can mask themselves as pretty much any device out there. so even if windows gave you an alert or something that the device named "xx" was connected and you need to accept a prompt to continue, this could just name itself the same as the device and most people would not ever see anything wrong with that.
@ali32bit42 Жыл бұрын
it would likely mean making billions of USB devices uselsess and obsolete since they dont have any way to verify themselves to the new security system
@andrewjmarx Жыл бұрын
Another use case where this could be problematic is people getting these cables for their partners/friends/family members as a way to spy on them. "Hey honey, have you seen my charging cable?" "No. But you can use this extra one I have."
@RusticRonnie Жыл бұрын
im gonna use thumbnail to soy on myself. Finally gonna know what the fuck i do all day
@Programmdude Жыл бұрын
Generally if you're going to spy on your loved ones, you'd also have physical access to the devices they use too. Sneaking in a USB device into the back of their desktop or laptop is going to be easier and cheaper than ensuring they use your cable.
@truthdoesnotexist Жыл бұрын
@@Programmdude yes but when it comes down in price it would be less phishy and a cheap way to get into the person phone which these devices target also
@greenanubis Жыл бұрын
People have been hacking each other since people exist. Its even common to treat ideas and thoughts like this usb cable, like a threat. And sometimes they are. This tech is interesting, nonetheless.
@RJRC_105 Жыл бұрын
Already exists. Use of a hardware keylogger on your partners PC to spy on them for abusive purposes has been a thing for years. Most people won't notice something in the back of their machine that wasn't there before.
@scriptles Жыл бұрын
I got one of these cables, and one of the plug versions as well. They are freakin awesome.
@imovedurt Жыл бұрын
I won’t lie this thing is flipping insane… so much packed into such a tiny device
@jonogrimmer6013 Жыл бұрын
Most things are less than the LTT backpack 😂
@mahdi9064 Жыл бұрын
for real 😂
@thebestmaidens Жыл бұрын
My thoughts exactly
@benwu7980 Жыл бұрын
another thing that's cheaper than that backpack...is this segue
@MotoDash1100 Жыл бұрын
Kriega R30: $275 USD and made from abrasion resistant textiles, has a fantastic system for distributing weight and staying on, as well as 30 liters of space and having a massive 100% Waterproof compartment. Linus: how 'bout none of that BUT it's $25 USD less expensive.
@The__Mask Жыл бұрын
The Scary part would be when it gets cheap enough that an Amazon 3rd party starts selling these as regular usb cables.
@kolobokkolobol8774 4 ай бұрын
😂
@DooMRunneR Жыл бұрын
People called us paranoid when we rolled out centralized authentication of USB devices in our company 😂
@NatVoisey Жыл бұрын
Incredibly terrifying. Glad you put orange on the scary cables.
@alejandroreyes9574 Жыл бұрын
I feel the argument that it is a warning is pretty weak when it's being sold...
@vagner995 Жыл бұрын
This is just plain dangerous. Thanks techies for making my day less anxious and safer.
@oldtools6089 Жыл бұрын
You're welcome. As consolation, you don't need to be afraid of hackers trying to compromise your systems until you have data worth stealing. Are your memories safe? I sell zero-day exploits on bug-bounty forums. Secure your bad ideas and protect the future of disinformation.
@rebchizelbeak5392 Жыл бұрын
@@oldtools6089 assuming you don’t have information worth stealing is this first mistake. Do you have a social security number? Then you have information worth stealing. That number is worth a lot of money.
@chiranjeevsahoo4960 Жыл бұрын
@@rebchizelbeak5392there's also a factor of "have you made any severe enemies to go to these lengths".
@rebchizelbeak5392 Жыл бұрын
@@chiranjeevsahoo4960 no. I know people that have had their SS number or cards stolen with no enemies. Those are worth thousands.
@alexturnbackthearmy1907 Жыл бұрын
@@rebchizelbeak5392 And are profitable even at this cost
@sk-sm9sh Жыл бұрын
0:40 you made it sound like we shouldn't buy your backpack as it's more expensive than this state of the art hacking tool lol
@weswheel4834 Жыл бұрын
I liked the advert at the end, suggesting you can hide your cables away. After Linus had explained that cables that weren't easily visible would be easier to compromise :)
@nysiy5360 Жыл бұрын
Love the recent security focused videos. Please keep them coming.
@jessebraughler8594 Жыл бұрын
Always cool to see LTT do a more simplified overview of HAK5 tools. Might be cool to see a cybersec spinoff channel so a bigger channel like yours can help spread awareness.
@Zejjnt Жыл бұрын
Awesome video, I was just looking at this a month ago.
@josiahspackman8754 Жыл бұрын
I respect the Hunter2 reference. You know you're old when the BashOrg references give you a good chuckle
@TylerMcVeigh1 Жыл бұрын
I feel like the quote, "Your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should." best applies to this cable.
@joshbittner Жыл бұрын
This cable should be a crime
@ForeverHobbit Жыл бұрын
@@joshbittner ethen hackers that need one will just make their own, You ren't solving the problem
@PartikleVT Жыл бұрын
The problem with that saying is (skipping the whole scientists vs engineers, the tech isnt new the application is) not that this is a unique tool developed by some masterminds. It's common tech thats been packaged and branded for the consumers. CIA had this tech 10 years ago and so did probably other state funded organizations as well. It's only a matter of time before you can buy it from aliexpress for a dollar. Creating this product and bringing this design flaw in USB to the light of mass audiences does more good than harm to the world collectively.
@SivaKanthSharma Жыл бұрын
No, what applies better is “security through obscurity is no security at all”. OMG didn’t create this attack vector, he made it accessible to everyone and raised awareness that this exists. Now more people will be on guard, look at this and work on mitigating this.
@fishontheinternetz3641 Жыл бұрын
@@ForeverHobbit "not solving the problem" is not an invitation to make that problem even worse.
@r4z0rb4ck. Жыл бұрын
I've said it before, I absolutely love the security videos.. please continue to make them.
@evolicious Жыл бұрын
They are more or less fearmongering misinformation. These tools are useless in real life and pose zero threat. They have been around for years for $1, and there have never been any recorded accounts of these attacks being used on anyone.
@ferryvantichelen6521 Жыл бұрын
Unexpected extra advantage of the smaller USB-C plug: harder to put this stuff in (for a short while at least). Very interesting though, both from a technical perspective to see what crazy sht is possible as well as how to protect against it, thanks!
@User-kq3od Жыл бұрын
"Hey man can I borrow your charger?" Then just give them back your involuntary backup cable.
@MinistryOfGeeks Жыл бұрын
If some random coder dude is releasing these at a reasonably accessible price, you can bet these have already been around for a while in a more secretive manner. Governments and other various agencies have likely been using these for years. At least now the public is aware that these are, in fact, a real tangible thing.
@flameshana9 Жыл бұрын
Pretty sure spy movies have been using these for the past half a century.
@WackoMcGoose Жыл бұрын
And the fact that the FBI is willing to _tell people this is a thing_ is a sign that to them, this method of exfiltrating data and hacking stuff is already *_obsolete_* by Three Letter Agency standards. Why spill the beans on a technique you're still actively using to spy on people?
Жыл бұрын
Yeah in my eyes what this guy is doing is making this accessible to security researchers and pen testers so companies etc can figure out how to defend themselves from it, rather than really creating a new attack vector or anything of the sort
@MCSteve_ Жыл бұрын
Yes this type of device has existed for many years, the company behind the usb rubber ducky has been around since 2005. Awareness is just bad, they've clearly made their point to the negligence of certain enforced security. In security, the biggest vulnerability to anything is physical access, with the right tools you can obtain anything. This is not just technology of course. Honest attackers are creative and sneaky who can be reasonably discouraged. Attackers with sledge hammers also exist. Keep your important belongings safe!
@Neavris Жыл бұрын
The name of the NSA implant this is inspired from is called COTTONMOUTH. It was in the TAO catalog released in late 2013 iir.
@fy7589 Жыл бұрын
Solid content. We need more of these especially from the big channels. Thank you!
@MrBradBull Жыл бұрын
I saw that hunter2 reference. Whoever slipped that in, well played.
@milnertechnologies9556 Жыл бұрын
5:25 "That's how we got to Dennis" *shows someone else* I was like wait that wasn't him, then read the caption.
@transcendant7000 Жыл бұрын
I can't wait to hear about the next LTT hack because someone watched this and thought "what if".
@hubertnnn Жыл бұрын
If I would live anywhere near I would definitely do this. On the other hand I hope dbrand will use one of those to prank Linus with their next "hacked" lineup
@Flynn217something Жыл бұрын
I thought about something like this the moment I started seeing "public use" cables/charging stations in airports, malls ect. and kept always bringing my own cable and brick. Friends and family said I was paranoid/crazy, to them I smugly tip my tin foil cap 😏
@benwu7980 Жыл бұрын
Oddly reminds me of the early days of free wifi access points at places like coffee shops etc and my warning to friends / family of how numerous the ways were that they can be malicious
@mikemcmike6427 Жыл бұрын
Wait til they start replacing the power plugs then you screwed
@HeroRareheart Жыл бұрын
I feel like these are probably similar to credit card skimmers. They are probably pretty abundant but the chances that we as an individual will encounter one are low.
@mrmoosetachio Жыл бұрын
@@mikemcmike6427 hence the adapters for power only that block the data channels on the cords
@poochyenarulez Жыл бұрын
The odds of someone using this on random nobodies at the airport is REALLY low.
@haniespanieldollis Жыл бұрын
Thanks for the info mate 🤛
@cyaneamusic. Жыл бұрын
This is mad , Love the Flipper Zero
@awesome9650 Жыл бұрын
As Mike said, the average person and probably does not have to worry about an attack like this right now because it's too powerful. "You don't aim a cannon to kill a fly"
@foldionepapyrus3441 Жыл бұрын
But when you are mass producing the cannon ball anyway, you may as well have a go...
@mola1.980 Жыл бұрын
These are not powerful. You can't do much with them. They are only useful if you know a lot about your target and want to get data on their computer
@danielfranz6560 Жыл бұрын
I dunno, I mean I think a fly is kind of a bad example though. You've heard the lengths people will go to kill a spider right?
@DialecticRed Жыл бұрын
@@MK73DS Yeah I've noticed that too, they really do charge slowly. Unfortunately for me, I've had a lot of accounts hacked because I've had most of them since I was a kid and didn't take any cyber security stuff seriously. My twitter account was taken over and now advertises knock off facebook glasses. I actually got the real ones as a gift once because my parents just thought I really, really wanted them because the account was constantly DMing all of my relatives and everything and was posting about it constantly. In reality, I find them creepy AF, so I've never used them.
@olanmills64 Жыл бұрын
This is such a weak argument. It would make sense if the device was $10k or needed a team of elite experts to operate. That's not the case though. Instead, this argument sounds like, "Why do I need to use passwords? I'm not valuable enough to be attacked" When attacking is relatively cheap, then it doesn't matter
@esbjornmonteliusrisberg6834 Жыл бұрын
8:50 " sif someone can walk in and take something, they can walk in and plant something" LTT's security are clear at risk seeing how much get taken from the office😂
@sriganeshd27 Жыл бұрын
mike's a legend, creates the best hacking cable and makes a profit from hackers and also creates a data warner and profits of people avoiding such hackers to hack them
@BruceKarrde Жыл бұрын
Here's an example I had during my trainings. I proposed the students to only share files and documents with approved or known team members of a contractor. If they didn't trust it, they should get in contact with the contractor using a phone number known by our company. I got laughed at and they didn't think it was serious. Next, another speaker shared a security awareness of not clicking links in an email. People were like "yeah, that makes sense". I'm like, why don't you take my warning serious, but this one you do?
@paulpardee Жыл бұрын
The way I see it, this was always a viable attack vector. If Mike didn't make his publicly available, someone else would be doing it in secret (and likely already has). If you don't know a threat is out there, you can't defend against it.
@gludlok747 Жыл бұрын
Except that he clearly doesn't care about the security aspect and he is creating THE NEED. He rationalizes heavily and his body language is visibly giddy about the potential chaos that he can sow by having a tool - that would normally cost substantially more and for good reason - much more accessible to the average populace who are willing to sacrifice their kidney for a goddamn $2000 GPU. For LTT to brush that aside while using it as an example was an "O_O are you serious?" moment. The irony of this is that he is apparently lackadaisical about it at home and was forced to create a counter-measure because his wife was getting tired of his bullshit. (Frankly, i'd just divorce the asshole.)
@RoshiGaming Жыл бұрын
@@gludlok747 who pissed in your cheerios?
@gludlok747 Жыл бұрын
@@RoshiGaming No one. Well.. not that i've noticed anyway. I just know bad news when I see it and I haven't felt this uncomfortable watching an LTT video ..ever. So I responded to a comment that helped formulate what I was thinking.
@LxciferXIII Жыл бұрын
@@gludlok747 you’re actually dumb. Nearly everyone who works in offensive security from pentesting to red teaming gets excited and giddy about new hacks and toys. Anyone else who is able to invent anything similar to that from Proxmark to the bash bunny has every right to be excited about what they achieved and it’s dumb to think that means anything about their attitude to security.
@housemouseshorts Жыл бұрын
@@gludlok747 the counter messure may actualy be just as bad as the creation. hes just not going to tell you. and make you think you are safe. thats the level we are at here.
@QualityDoggo Жыл бұрын
Great stuff! This type of attack has been possible for a while but to make it easier and streamlined hopefully will expedite countermeasures both in IT and personal awareness.
@danyal_assi Жыл бұрын
Toilet
@mobiusflammel9372 Жыл бұрын
It seems to me the proliferation of devices like this is going to, at some point, spur a harsher (possibly) international regulatory response.
@08mlascelles Жыл бұрын
Great, now I’m scared to plug things in! That’s all I needed! 😂
@Ornithopter470 Жыл бұрын
Hey LTT, y'all should do a video on the evolution of electronic spying tools (bugs like The Thing, or this new cable.)
@icy_liquidd1935 Жыл бұрын
Although I find this technology somewhat frightening. I am much more concerned with the fact that I never knew it existed to this point. The best way to protect yourself is to become educated on the topic. That is why I hope LTT continues to come out with great videos teaching us about nefarious methods an individual might use in the tech sector.
@flameshana9 Жыл бұрын
If education actually solved problems we wouldn't have them. The internet's been around for almost 3 decades but humanity is less educated than ever. They fall for the most obvious scams. Do you know how many times I have to tell my family not to do certain things on a computer/phone? They still don't understand not to immediately trust what they see. Pessimism is a better protection than trying to learn about all the different ways life can screw you over. Case in point, the guy who made this said there's many easier ways that are constantly being used. These methods are rare.
@housemouseshorts Жыл бұрын
you can't protect yourself. its out there
@caddyguy5369 Жыл бұрын
@@housemouseshorts Living the rest of my days out in the woods becomes a more enticing option with every passing day.
@xavy_ Жыл бұрын
the worst thing about this seems to be the fact that these cables are unmarked. amazon sellers could easily have some of these mixed in with a generic product
@reahreic7698 Жыл бұрын
Ding, Ding, Ding. Shared product bins is already an issue beset with with counterfeit knockoffs. The fact this exists at all should be a crime, and if not the engineers responsible should be mandated to carry liability insurance to cover any damages resulting from their product being used by anyone that's not a white hat.
@malborboss Жыл бұрын
Or someone could buy legit cable, replace it with one of those, and return it. Scarry but possible...
@altokers Жыл бұрын
@@reahreic7698 i feel like you're reaching a bit. This thing is only effective if the person who wants to use it is able to get close to the person. So what are they going to mix it in with legit cables and pray they get it sent to the person they want to attack?
@Henrik_Holst Жыл бұрын
@@altokers that and the cost would be astronomical
@zack9912000 Жыл бұрын
Dont buy stuff from amazon
@MichaelDude12345 Жыл бұрын
I remember the early development versions of the OMG cable... holy cow it has come a long way.
@O.MG-MG Жыл бұрын
❤
@jimbovitikan4848 Жыл бұрын
8:38 there are many tactics that physical pentesters use aside from lockpicking. you can look up tactics physical pentesters to see. this includes stuff like using common keys, slipping a piece of trash into a poorly installed door latch, etc.
@Addeatt Жыл бұрын
As much as I hate hearing what people are creating for less than honorable purposes, I do appreciate video's like this to inform the general public.
@dorasuncle2717 Жыл бұрын
I really wonder why someone would create something like this
@CorsairTrumpet Жыл бұрын
Love network security content definitely want more of this kind of content!!
@tranceonline Жыл бұрын
To be safe on public charging-stations, you could also just use power-only cables. Those don't have any Data-lines.
@LieseFury Жыл бұрын
USB-C cables all have data lines, they're what allow rapid charging.
@manicmods Жыл бұрын
The Malicious Cable Detector should have a "Destroyer" companion. I wonder how that cable would handle 30V 🤔
@GalaxyStation Жыл бұрын
While every other big KZbinrs are going to give its viewers same content at the same time, Linus always make a way for him by differentiating his content from others. Love you man!
@SwefoZ Жыл бұрын
I assume there is a new focus on cybersecurity over at LTT after the recent hack... good to see more content making that world more accessible in a responsible way. I studied academic Philosophy and the depth of the conversations around the cybersecurity world about code, ethics, and best practices is in the company of the deepest conversations I've ever ran across. Maybe LTT should talk to Steve Gibson over at the Security Now podcast.
@user-nf7jh3ym3z Жыл бұрын
I really like how this tools are there in this way, while faster and better the security evolves is better, is they are not shown, is almost sure someone else will be doing it, but will be hiiden to others, that is more risky than know this is actually possible and even we can buy one of them to prevent the attacks.
@__8120 Жыл бұрын
As an excellent comic pointed out, the real way bad actors get your passwords isn't hacking the mainframe and breaking the 2048-bit encryption blah blah blah, it's more like they phone you and say "hey this is Bob the password inspector" and bada-bing bada-boom
GiaoHeo
Рет қаралды 2,7 МЛН