I wouldn’t give this cable to my worst enemy - O.MG Cable

“All for less than a backpack from Ltt store” that doesn’t really give you a good idea lol

nope

Nah

A while back I picked up a micro-usb charging cable in a parking lot before this really became a hot topic and considering my extensive amount of micro-usb cables I can't remember which one it is to get rid of it. Should I be worried? PS: This was like 4yrs ago

no

To be fair he talks so much about computers, but very rarely talks about cyber security. I do cyber security on the side and people find it so scary how easy it is to hack anyone today. Security went the opposite, it never got better…it got way worse.

at least this doesnt have the soulless coporate jingle

It's shilling, these are all just thinly veiled advertisements for products

@@ticenits1926 can you shut up please? no one wanted your input.

@@ticenits1926 "shilling" he says. Yeah I love shilling for security knowledge. STAY SAFE GUYS, I'M BEING PAID TO TELL YOU IMPORTANT INFORMATION

And it can be used as a Bad USB device. Not exactly stealthy, but tucked behind a desktop computer tower it would totally work.

you finally wake up to what was already possible years ago.

When I first saw the Flipper Zero, I thought it was some sort of Tamagotchi and fidget toy combined....

Yeah, but considering that this cable is about $120 and the Flipper zero costs about $400, I'd say that already makes the flipper zero a no go for most nefarious actors.

To be faaaaiiirr.

They are not a real threat regardless. Just pen testing toys for basic netsec education.

Realistically nobody is going to go through that much effort for a normal persons info, this would be much more useful to use against companies

People who despise these devices existing don't understand how dangerous this kind of stuff is or physical security for that matter, there are attacks that have existed for over 70 years (and when I say have existed I mean there is absolutely no way the manufacturer did not know for that amount of time) that are still absolutely doable on relatively high-end locks today. The design flaws that allow these kinds of devices (mostly the flipper zero but the omg cable a little) will not be patched if there is not outrage at the design flaw

🍓🍓🍓

Well done

I hope the being naked part was needed for logging out

@@ToxicMothBoi it was needed for logging

I'm pretty sure that's the reason he's doing a video on hacking tools in the first place. Awareness of the threat is the first step to combating it.

Totally had to. And had to sell these for a lot of money

@@flameshana9 The high price keeps them out of the hands of many. Good thing.

@@wisteelathere is more truth to that than most people realize. I have several cables that were found in the wild. They are all… let’s just say very behind.

Create problem, sell solution :p

He made his own Kryptonite

That would be hilarious if you could catch someone's reactions

Plant a cable that opens a notepad to warn against random cables & in the background have their webcam open proceeding to download the short video file of them reading that; finally opening the video to themselves reading. This would be a SHOCKER and great content hahaha

@@_____alyptic Make the first line _"SAY CHEESE!"_ and make it take a picture with flash and shutter sound on and send you the picture 🤔😂

That's very reddit of you, have some gold stranger!

China has already reversed this from the day it came out, we'll see $10 versions in a few months.

lol, no. These sorts of tools can be made for $10. It's been cheap for years. It's not a real threat becasue these tools are not useful for actual targeted attacks.

@@theairaccumulator7144 It's been $10 for years already. Look at what Arduino offers, lol.

@@theairaccumulator7144 these Chinese stuff works but they usually don't come with comprehendible docs, so I guess we're fine for now

I find it very hard to get a work computer infected with anything, can't do shit anymore 😂

it's like stopping a boat made of Swiss cheese from sinking there will be always someone doing the wrong thing at the wrong time.

"I DIDN'T CLICK NOTHIN!!"
..."Sir, I am right here beside you. I just watched you click seven differnt things just because they had blinky pictures."
"I DIDN'T CLICK IT!"
..."Sir, I can -hear- your mouse clicking."

I know better and accidentally clicked a phishing link recently. Fortunately it only went to a fake login page and didn't download anything, but it was a pretty scary couple minutes.

I had a laptop that was in the middle of being reimaged and got infected 💀 Defender caught it but it was strange nonetheless. Mimikatz.

Its also a field that can't be measured you cannot tell how many attacks awareness prevents.

My work CONSTANTLY reiterates never using the same password for your personal accounts as for your work accounts, to never giving your work passwords to phishers, to never using your work email to sign up to shady sites. Yet employees continue to do it.

100%. The only real attacks are social engineering. Remote hacks and such are hollywood tropes.

@@FelamineClearly not a problem with the “law” then.

Few? What fields are there where spreading awareness is bad?

Unless Amazon cleans up their sloppy practices that's definitely going to happen. It probably is already happening.

Not just online shopping but I could see this getting planted in places like gas stations as well. Scary stuff.

By providing the threat? The link is in the description. The hypocrisy no one is seeing is astounding.

@@hollytaylor5327 better to make something like this, be open to everyone about how it works and let it be researched than for someone else to make this with terrible intentions and blindside tons of businesses

@@hollytaylor5327 They make these products for actual security testing purposes as they explained in the video. But yes by making them generally available you're putting the threat out into the real world which means companies are forced to take the threat seriously. Besides you can't just buy these and go on a crime spree, even buying these products absolutely puts you on a list.

sounds like your company is a PRIME cable target. People still plugging in random USBs is a "HUGE STUPIDITY HOLE"
If they're that vulnerable to USB infiltrations I'd honestly feel very confident that if I dropped a little over a grand on ten of these in your company parking lot I could make 100x time my money back through a combination of personal blackmail & company hacks. but hey im just a ten year old kid or a 40 yo virgin trying to sound mean and scary right? yeah probably i mean... more than likely? or maybe.... lol this sh*t isn't hard or expensive (relatively) its just obscure. Once you understand the principles the primary limits are your own creativity and ethical standards.

@@Jake420 Why spend $100+ on an attack cable when the company can be infiltrated with some $5 USB sticks, is the point I think they were trying to make :P

I worked for a chemical company on a project and all of the production control machines were air gapped, used PS2 keyboard and mouse and had all of their USB ports stuffed with hot glue.
Transferring data to those machines was done with special "data caddies" which were basically USB drives with a non-standard connector.

if they start writing people up and cutting pay and benefits every time they fail the test they will gain IQ points real quick

So, where do you work?
Kidding. Saw a man in the street thing where they offered people candy for their workstation password. So many just handed it over no probs.

Not only that, people backward engineer this stuff all the time, so I could see a slew of people making "copies" of this tech, and it not only being cheap but unknown because they will only use it for themselves

Yeah

not just for an organization, but for an average joe with a vendetta as well. It may be expensive for throwing it on the road or using it for general attacks like in a hotel. It's perfectly viable for a targeted attack. I can see a disgruntled ex slipping it in.

Sending an email costs 0$ though and is more likely to work, less likely to be traced back to you (if you know what your doing), and is likely to give you more access.
Walking out with a computer or hard drive costs 0$ and is more likely to work and much less skilled, and if you are vulnerable to physical attacks someone could pull it off.
Plugging in a normal keyboard costs 20$ and while there are some things you can't do with it, (remote connection) you could still do damage.
I love it when LTT covers these tools because they are fun to play with. But I am much more worried about phishing as an attack vector than physical attacks with tools like this. These tools are not going to shift how we defend networks because they are simply slightly flashier more advanced versions of existing threat vectors.

​@@adrianvd6940 honestly, at $100 this seems to be consumer pricing already. trying to fit that tech in the package space of half a thumbnail, is already impressive. I kind of want to send one of these to a lab and do a full analysis, including cross sectioning, xray, and acoustic scanning. not in that order mind you

doesnt get more textbook than that, well played to him

That's the governments way.

Still a pos

Technically it could be classified as racketeering, but there are some qualifiers for that.

Well, it's just a detector. Not a full blocker, so, no solution really lol
Could still just instantly execute scripts.

Yeah, but anyone trying to save money by buying a phone on ebay probably isn't rich enough to be a worthy target of such an attack. It would largely be a waste of the attackers time and money more often than not.

​@@GeneralNickles I disagree. Scammers gonna scam.

You didnt check the price of the cable. Dont be stupid, no scammer will spray and pray with it.

@@Khronogi yeah, but scam what, though?
If they put ransomware on some random middle schmuck's computer, then said schmuck would probably just go get a new computer. Stealing banking credentials isn't gonna accomplish much, because they probably don't have much to steal in the first place.
It would almost always end up being a waste of time and money.

@@Khronogi It's $120 USD, no scammer is going to pay that much in the hopes that some random person will use it and have anything worth stealing. Scammers succeed by casting a wide net that doesn't cost them much if anything, like phishing emails, not by by spending over $100 per target.

It's misinformation based on a bad understanding of real world netsec, and shilling to sell a product. LTT are the last people to give out netsec advice.

It's expected for intelligence agencies to have access to these and more. But for normal people to, this is gonna be interesting to watch unfold.

its the worst part about being a cynic. You don't want to be right. But you know you are. Your brother sounds like a wise man. As someone with 3 younger brothers to protect (even if they don't realize they still need it) you have my respect from one brother to another.

@@Secret_Takodachi if his brother said that 15 years ago he isn't wise. Its probably the first thing that came true that he said.

@@jarryjackal3827 your comment is just as presumptuous as the one you’re criticising

I wonder how much data can be transferred when just charging? Android phones ask before data transfer over usb would that not prevent some of from accessing data?

​​@@jarryjackal3827 hacking has been around far longer than the early 2000s. Just cause a method is widespread enough to get onto LTT now doesn't make it new. Don't you remember those good ol days when they warned ya not to put strange CD's into your disk drive, or those sketchy floppies with some guys sick new beats from the subway?

THE CART IS SUPPOSED TO GO *FORWARD!*

THE CART IS REACHING THE FINAL TERMINANCE!

MEDIC!

GET TO THE CART MAGGOTS!!

Who's not pushing ze cart? I want the names!

Once one person does it, then the copycats will try cheaper versions, but perhaps not as full featured.

It's not viable for general attacks but perfectly viable for a targeted attack. If someone wants to harm you they will harm you, money is not a problem for those cases.

These devices pose zero threat in the real world. Don't buy into LTT's fear mongering. They are selling a product.

@@brianwest2775 Devices like this have been $10 for years, it's nothing special or new. They are useless in the real world.

@@chiranjeevsahoo4960 Targeted attacks need to be far more sophisticated for a remote attack. Anything worth while is going to need a physical compromise to be worth using a remote tool. Which is pretty much non-existent for years already.

A backpack that may or may not still have no warranty.

lifetime warranty?

Its called Apple.
Though it could just be phobia of mini-jacks

Cablaphobia
Pronounced Kay-blah-phobia

I'm just glad I decided to keep those 2 boxes full of cables for the last 20 years of my life!
... who am I kidding, it's more like 4 crates.

@@MotoDash1100 I lol'd. Thank you.

@ChillingSpree give it two and it’ll be another gender lol

Toileg

I like how you say"against"

@@danyal_assi Ratio

Wow with that price it may make him a lot of money

Why bother taking electronic devices with you? Go there without them, keep them at home. You'll be 100 times happier

People are saying the chips only cost a dollar. So there's nothing to stop them from it.

allready made its way into best buy disgused as legit products. People buy a real one. replace it with this then return the product to the store.

@@flameshana9 Pretty sure its just an esp32 or something.

I expect that someone like Apple or Samsung don't make their own cables in house. If the company they buy these from wanted they could include cables like this with every smartphone these companies sell. Then wait until their cables are everywhere or until they are found out and then ransom every device.

@@Souchirouu Thank you for that idea…

Linus: But I'll happily give it an incredible amount of free advertising!

@@KrillinInTheNameOf So you prefer to be NOT informed and caught in panic wave or be the victum when shit hits the fan?

@@alexturnbackthearmy1907 I'm not sure what this has to do with being opposed to him promoting actual products. He could warn people about the risks of these types of devices without showing every wannabe hacker exactly where to get a product like this.

@@KrillinInTheNameOf I mean I searched for "hacking USB cable" and got the OM.G and Ninja as the first results, with a public storefront, so I don't think that barrier to entry is really valid.

No kidding. Even the ELITE version is ONLY $199.99, that's CHEAP for something with such nearly limitless functionality!

It still won't matter

couldnt agree more

People are dumb, it can't be fixed... I could grab a USB stick, load up an autorun attack tool on it, and almost everyone would pick it up off the street and plug it in. By making it throw a popup saying it's not compatible and to try another computer I could get them to infect everything they have access to. I'm in IT and security now, because I used to wear a different hat before and know how it's done, there is a near infinite mountain of attack vectors to use and the way to protect against them is isolation mostly.

No I don't fucking care

Always has been

@@resneptacle yup nothings really changed just method

​@@xwiick Yep. They've been warning about using public USB charging stations for almost as long as they've been a thing.

@@xwiick "The more things change, the more they stay the same."

Lol me too

.... because the flipper zero DOES look like a happy meal toy? I don't think the cable has anything to do with that...

Flipper Zero does already look like a Happy Meal toy though. LOL

The video says uploaded 1 hour ago with your comment being made two hours ago 😅

@@WSAnderson Exactly LOL

im gonna use thumbnail to soy on myself. Finally gonna know what the fuck i do all day

Generally if you're going to spy on your loved ones, you'd also have physical access to the devices they use too. Sneaking in a USB device into the back of their desktop or laptop is going to be easier and cheaper than ensuring they use your cable.

@@Programmdude yes but when it comes down in price it would be less phishy and a cheap way to get into the person phone which these devices target also

People have been hacking each other since people exist. Its even common to treat ideas and thoughts like this usb cable, like a threat. And sometimes they are. This tech is interesting, nonetheless.

Already exists. Use of a hardware keylogger on your partners PC to spy on them for abusive purposes has been a thing for years. Most people won't notice something in the back of their machine that wasn't there before.

Toilet

​@@danyal_assi stop spamming, you arent funny

It’s not possible. A computer is useless without some way to interact with it. If a person can interact with it, then anything that emulates a person interacting with it can too.
The best that can be done is a cat and mouse game trying to detect exploits, etc. but that will never stop someone being able to go to a website and download software or run software written on the machine itself.

I mean, it would be nice to have the option. but on the other hand, these devices can mask themselves as pretty much any device out there. so even if windows gave you an alert or something that the device named "xx" was connected and you need to accept a prompt to continue, this could just name itself the same as the device and most people would not ever see anything wrong with that.

it would likely mean making billions of USB devices uselsess and obsolete since they dont have any way to verify themselves to the new security system

There are type A charge only USB adapters. You could use one of those with a tape C to type A adapter. You’ll probably lose charging speed, but at least you can use it in an emergency.

It occurs to me that using USB for charging, data, and input is actually quite a security flaw. I know some large companies just disable USB drive support on all computers. Now I see why. Perhaps SD cards are actually safer, because they can only be storage.

@@andybrice2711 - It’s more serious than data. USB is a bus, just like the PC Express bus, which means that it can add devices to your PC.

@@sylviam6535 Having a single button is way more convenient than having to add / remove the "USB condom" (as some call it) each time you want to toggle data on or off. I miss those cables too!

@@florentcastelli - I am not sure that a physical switch would work on USB type C. They would probably need to insert a chip to deal with the additional complexity.

😂

You're welcome. As consolation, you don't need to be afraid of hackers trying to compromise your systems until you have data worth stealing. Are your memories safe? I sell zero-day exploits on bug-bounty forums. Secure your bad ideas and protect the future of disinformation.

@@oldtools6089 assuming you don’t have information worth stealing is this first mistake.
Do you have a social security number? Then you have information worth stealing. That number is worth a lot of money.

​@@rebchizelbeak5392there's also a factor of "have you made any severe enemies to go to these lengths".

@@chiranjeevsahoo4960 no.
I know people that have had their SS number or cards stolen with no enemies.
Those are worth thousands.

@@rebchizelbeak5392 And are profitable even at this cost

Toilet

Yes

Валидно

fish

Ka-boom!

for real 😂

My thoughts exactly

another thing that's cheaper than that backpack...is this segue

Kriega R30: $275 USD and made from abrasion resistant textiles, has a fantastic system for distributing weight and staying on, as well as 30 liters of space and having a massive 100% Waterproof compartment.
Linus: how 'bout none of that BUT it's $25 USD less expensive.

Except for a graphics card. You have to go down to an RX 6600 or A750 to start seeing cheaper prices!

This cable should be a crime

@@joshbittner ethen hackers that need one will just make their own, You ren't solving the problem

The problem with that saying is (skipping the whole scientists vs engineers, the tech isnt new the application is) not that this is a unique tool developed by some masterminds. It's common tech thats been packaged and branded for the consumers. CIA had this tech 10 years ago and so did probably other state funded organizations as well. It's only a matter of time before you can buy it from aliexpress for a dollar. Creating this product and bringing this design flaw in USB to the light of mass audiences does more good than harm to the world collectively.

No, what applies better is “security through obscurity is no security at all”. OMG didn’t create this attack vector, he made it accessible to everyone and raised awareness that this exists. Now more people will be on guard, look at this and work on mitigating this.

@@ForeverHobbit "not solving the problem" is not an invitation to make that problem even worse.

Pretty sure spy movies have been using these for the past half a century.

And the fact that the FBI is willing to _tell people this is a thing_ is a sign that to them, this method of exfiltrating data and hacking stuff is already *_obsolete_* by Three Letter Agency standards. Why spill the beans on a technique you're still actively using to spy on people?

Yeah in my eyes what this guy is doing is making this accessible to security researchers and pen testers so companies etc can figure out how to defend themselves from it, rather than really creating a new attack vector or anything of the sort

Yes this type of device has existed for many years, the company behind the usb rubber ducky has been around since 2005. Awareness is just bad, they've clearly made their point to the negligence of certain enforced security. In security, the biggest vulnerability to anything is physical access, with the right tools you can obtain anything. This is not just technology of course. Honest attackers are creative and sneaky who can be reasonably discouraged. Attackers with sledge hammers also exist.
Keep your important belongings safe!

The name of the NSA implant this is inspired from is called COTTONMOUTH. It was in the TAO catalog released in late 2013 iir.

He might have kept some backdoors open in his detector for very special custmers or high priced cables.
We need to create open source detector project so that it'll be kept updated for each new cable.

But when you are mass producing the cannon ball anyway, you may as well have a go...

Even so, I could easily see that in airports for example, since lots of business people go there so even if only 0.1% of them tries to charge their work phone in it, it's already multiple companies that could be at risk. And obviously, you, the user, who just wanted to charge your phone while waiting for your plane.
Even if you're not a target, stay safe

These are not powerful. You can't do much with them. They are only useful if you know a lot about your target and want to get data on their computer

@@uponeric36 Basically yes. Or just use one of your cables that does charging only (disconnected data wires). Or bring your own charger. Or always charge your powerbank and charge your phone only through it. There are lots of options, and to be honest, even before these kind of attacks I never plugged my phone into a public USB port because they charge so slowly it's useless. I always use my charger

I dunno, I mean I think a fly is kind of a bad example though. You've heard the lengths people will go to kill a spider right?

They are more or less fearmongering misinformation. These tools are useless in real life and pose zero threat. They have been around for years for $1, and there have never been any recorded accounts of these attacks being used on anyone.

Except that he clearly doesn't care about the security aspect and he is creating THE NEED. He rationalizes heavily and his body language is visibly giddy about the potential chaos that he can sow by having a tool - that would normally cost substantially more and for good reason - much more accessible to the average populace who are willing to sacrifice their kidney for a goddamn $2000 GPU. For LTT to brush that aside while using it as an example was an "O_O are you serious?" moment.
The irony of this is that he is apparently lackadaisical about it at home and was forced to create a counter-measure because his wife was getting tired of his bullshit. (Frankly, i'd just divorce the asshole.)

@@gludlok747 who pissed in your cheerios?

@@RoshiGaming No one. Well.. not that i've noticed anyway. I just know bad news when I see it and I haven't felt this uncomfortable watching an LTT video ..ever. So I responded to a comment that helped formulate what I was thinking.

@@gludlok747 you’re actually dumb. Nearly everyone who works in offensive security from pentesting to red teaming gets excited and giddy about new hacks and toys. Anyone else who is able to invent anything similar to that from Proxmark to the bash bunny has every right to be excited about what they achieved and it’s dumb to think that means anything about their attitude to security.

@@gludlok747 the counter messure may actualy be just as bad as the creation. hes just not going to tell you. and make you think you are safe. thats the level we are at here.

I really wonder why someone would create something like this

Ding, Ding, Ding. Shared product bins is already an issue beset with with counterfeit knockoffs. The fact this exists at all should be a crime, and if not the engineers responsible should be mandated to carry liability insurance to cover any damages resulting from their product being used by anyone that's not a white hat.

Or someone could buy legit cable, replace it with one of those, and return it. Scarry but possible...

​@@reahreic7698 i feel like you're reaching a bit. This thing is only effective if the person who wants to use it is able to get close to the person. So what are they going to mix it in with legit cables and pray they get it sent to the person they want to attack?

@@altokers that and the cost would be astronomical

Dont buy stuff from amazon

If education actually solved problems we wouldn't have them. The internet's been around for almost 3 decades but humanity is less educated than ever. They fall for the most obvious scams. Do you know how many times I have to tell my family not to do certain things on a computer/phone? They still don't understand not to immediately trust what they see.
Pessimism is a better protection than trying to learn about all the different ways life can screw you over. Case in point, the guy who made this said there's many easier ways that are constantly being used. These methods are rare.

you can't protect yourself. its out there

@@housemouseshorts Living the rest of my days out in the woods becomes a more enticing option with every passing day.

If I would live anywhere near I would definitely do this.
On the other hand I hope dbrand will use one of those to prank Linus with their next "hacked" lineup

I disagree. If someone benign can make it so can someone nefarious. If someone benign makes it and publishes the risks and all the tools it’s more likely to be helpful rather then hidden.

A N I M E
N
I
M
E

You should. Because across the globe random Joe is doing same thing right now. And only god know who would be first.

❤