Hello everyone,
Last month, I listened to a podcast discussing the dangers of using public USB ports—like those found on buses, trains, or in public places like coffee shops and restaurants. Today, I stumbled upon another piece of news about the same topic. Perhaps it’s destiny telling me to write about it!
For this post, I’m drawing on two sources: a German article and a fantastic YouTube video by David Bombal, a well-known cybersecurity content creator.
The article explains why it’s strongly advised against buying no-name USB cables. The reason? We can never be sure of the technology hidden inside them. Even a slim, seemingly innocent cable could contain dangerous hardware capable of harming users. For example, a no-name cable could house a keylogger that transmits your inputs directly to an attacker. Worse, such cables can secretly install malware, granting attackers further access to your devices.
A company called Lumafield has developed a CT scanner designed for tech companies to inspect the inside of USB cables without destroying them. This is a significant step forward in understanding and mitigating the risks of malicious cables.
This looks like an ordinary USB-C connector, but when we CT scan it, we find something sinister inside…🧵 pic.twitter.com/Q1RfpnS0Sp
— Jon Bruner (@JonBruner) December 4, 2024
The advice is clear: stick to original cables from your device’s manufacturer and avoid using public USB ports altogether. Instead, carry a power bank for charging your devices securely. To clarify, both Lumafield and David Bombal demonstrated these vulnerabilities using an O.MG Cable. This cable is specifically designed to showcase the risks of malicious cables and highlight why it’s critical to use trusted accessories.
Here’s an example from David Bombal. I highly recommend watching more of his videos.