If you’ve ever wondered whether it’s worth buying official iPhone USB-C charging cables from Apple or going for more affordable third-party options, I have the only answer you’ll ever need. You should always buy Apple’s cables, especially if you’re the kind of target that hackers might go after. The same goes for Android users as well. Stick with official accessories.
Why? Well, electronics are so small nowadays that hackers can put a malicious computer inside a USB-C chip, and nobody would know.
The super-small electronics could let that computer connect to the web via its own Wi-Fi antenna, spy on the target, and essentially control their computer. The attacker would essentially get perpetual control. Or at least until the target starts investigating.
Lumafield’s Jon Bruner posted high-quality CT scans on X of one such potentially malicious USB-C cable that iPhone owners might use, showing the extra electronics that turn it into a tiny computer.
Tech. Entertainment. Science. Your inbox.
Sign up for the most interesting tech & entertainment news out there.
By signing up, I agree to the Terms of Use and have reviewed the Privacy Notice.
As you’re about to see, the components are so small that the size and shape of the USB-C cable don’t change. You’d have no way of knowing that you’re looking at a hacker’s tool by simply inspecting it visually.
Lumafield offers CT scanning solutions for businesses, so it was easy for Bruner to scan the cable. The cable he chose is the O.MG cable from researcher Mike Grover, who creates these cables for security purposes. But hackers at large, especially those with state-sponsored resources, could develop similar USB-C cables meant to spy on targets.
The 3D CT scans in Bruner’s X thread show you how incredibly small the computer inside the O.MG USB-C cable is. It’s still a regular USB-C (Thunderbolt) cable that works as a USB-C cable. It can recharge the iPhone and other devices and transfer data at high speeds.
We put an OMG cable in our @lumafield Neptune CT scanner. It captures hundreds of X-ray images from different angles, then we reconstruct them into a 3D model that includes both external and internal features. (The color coding in the 3D model indicates relative density.) pic.twitter.com/Kq6KU4REcl
— Jon Bruner (@JonBruner) December 4, 2024
Unlike a traditional USB-C cable, the O.MG device features a Wi-Fi antenna and several chips stacked on each other to give the USB-C cable the brains it would need for malicious activities.
For example, the cable might contain a keylogger that records everything typed on a device. It could also deploy additional malware after connecting to a command structure via Wi-Fi. Similarly, it could extract all sorts of data and give the hacker full access to your computer.
Inside the ordinary-looking OMG connector we can immediately spot an antenna and a microprocessor. While high-end Thunderbolt connectors have some ICs, you won’t find an antenna like this in any normal USB connector. pic.twitter.com/EpLb8c2P6l
— Jon Bruner (@JonBruner) December 4, 2024
Interestingly, the O.MG cable also has an off switch, which means it will only behave maliciously when instructed.
Scared yet? Thinking about all those cables in public places you might have used? Or the ports in coffee shops, train stations, and airports? I know I did when I saw the scans and video Bruner produced. It made me reconsider my accessory-buying priorities immediately.
2D X-ray images can detect major deviations from an expected design, like the presence of an antenna and an IC, but it’s easy to slip other features past a simple 2D X-ray scan… pic.twitter.com/CwomA5ksvB
— Jon Bruner (@JonBruner) December 4, 2024
The only way to know for certain that your cables are safe is to buy original products made for your smartphone or laptop. Got an iPhone? Use the cable in the box, or buy a different one from Apple. The same goes for your MacBook and iPad. If you buy Galaxy or Pixel phones, look for accessories from Samsung and Google.
On the same note, you might want to grab a battery pack to charge your gear on the go so you can avoid public ports.
Complex, global supply chains carry enormous risks, as we were reminded during October’s supply chain attack in Lebanon–a story that @_MG_ has been thoughtfully following and analyzing since it happened. https://t.co/rWt8zl8QPe
— Jon Bruner (@JonBruner) December 4, 2024
Then again, it’s not like all the places above feature charging options that contain tiny computers that will steal some of your data. But you can’t know for sure. One alternative is to do CT scans for each cable you use, but that’s practically impossible in real life. Also, 2D scans will not be enough to see those tiny chips inside malicious cables.
Another option is buying accessories that detect potentially malicious activity inside a suspect cable. Grover has solutions for those interested in malicious cable detectors at this link. Make sure you check Bruner’s video below for more details on this scary USB-C cable threat: