There are a ton of different payloads that can be run on these, for everything from simple keylogging, to root access, to network backdoors. I’ve only recently gotten into pentesting but with something like this there’s no real limit to the damage that could be done with only a few seconds of physical access.
Honestly, as a Systems/DevOps engineer it’s always been well know that if you have physical access, you have zero chance of security. Sure it might take more time if precautions were followed, but you will be owned eventually, that’s guaranteed.
This is one of our most frustrating fights I have with our security design reviewers. Effectively functionless mitigations that create extra obstacles for our service reps to deal with during troubleshooting. One example is our equipment is installed in access restricted areas, in a locked rack. We don’t need to disable unused Ethernet ports on our networking equipment that exists in a locked cabinet and it will take away our ability to repatch equipment to a different switch in the system to assist in troubleshooting.
C-to-C is even worse because Usb-C requires a chip in the connector, and you never know what that chip is capable of. Usb-A would only have a chip in it if it’s been tampered with.
The MSPM0C1104 is a 24 MHz Arm Cortex-M0+ based device with up to 16 KB of flash and 1 KB of SRAM. It has a 12-bit ADC with three channels, six GPIO pins, and typical communication interfaces like UART, SPI, and I²C. It is an ultra-low-power 32-bit MCU well suited for compact battery-powered designs.
Whilst this wouldn’t work for this specific application we’re discussing (no USB support, no wireless), it’s an amazing example of just how little a microcontroller can be nowadays.
You can now buy one for yourself online. https://shop.hak5.org/products/omg-cable
That is amazing. The x-ray of it is kind of scary, honestly. That little chip could be all it would take to get into an air-gapped machine.
Could?
There are a ton of different payloads that can be run on these, for everything from simple keylogging, to root access, to network backdoors. I’ve only recently gotten into pentesting but with something like this there’s no real limit to the damage that could be done with only a few seconds of physical access.
Honestly, as a Systems/DevOps engineer it’s always been well know that if you have physical access, you have zero chance of security. Sure it might take more time if precautions were followed, but you will be owned eventually, that’s guaranteed.
This is one of our most frustrating fights I have with our security design reviewers. Effectively functionless mitigations that create extra obstacles for our service reps to deal with during troubleshooting. One example is our equipment is installed in access restricted areas, in a locked rack. We don’t need to disable unused Ethernet ports on our networking equipment that exists in a locked cabinet and it will take away our ability to repatch equipment to a different switch in the system to assist in troubleshooting.
Let me guess, they do allow ai traffic from everyone and their mum for the sake of uhh… innovation?
That is gnarly!
https://hackaday.com/tag/badusb/
Crazy that the USB-A housing is big enough for that. Makes me want to avoid anything that’s not C to C.
Edit: someone pointed out there’s an option for C to C 💀
C-to-C is even worse because Usb-C requires a chip in the connector, and you never know what that chip is capable of. Usb-A would only have a chip in it if it’s been tampered with.
Yeah I was hoping the smaller form factor would make it difficult to fit in extra malicious hardware.
This was the smallest Bluetooth chip back in 2017. I can’t even imagine what else they can fit into the form factor of a USB-C plug nowadays.
Released last year, TI MSPM0C1104
https://www.electronics-lab.com/texas-instruments-unveils-mspm0c1104-worlds-smallest-microcontroller-for-space-constrained-applications/
Whilst this wouldn’t work for this specific application we’re discussing (no USB support, no wireless), it’s an amazing example of just how little a microcontroller can be nowadays.
There’s a USB-C option for the active end.
Came to check if anyone had already linked hak5. Glad to see you had shared the link!
This is both incredible and horrifying at the same time