Hacker News

We X-Rayed a Suspicious FTDI USB Cable

103 points by aa_is_op yesterday at 11:55 PM | 36 comments

Comments

ChrisMarshallNY today at 2:48 AM

To be fair, this story is basically an ad, but a pretty good one, and many featured HN stories are really marketing. Personally, I don’t mind marketing stuff, if it’s interesting and relevant (like this).

But the fact that most comms cables, these days, have integrated chips, makes for a dangerous trust landscape. That’s something that we’ve known for quite some time.

BTW: I “got it right,” but not because of the checklist. I just knew that a single chip is likely a lot cheaper than a board with many components, and most counterfeits are about selling cheap shit, for premium prices.

But if it were a spy cable, it would probably look almost identical (and likely would have a considerably higher BOM).

invokestatic today at 1:03 AM

I have a slow burn project where I simulate a supply chain attack on my own motherboard. You can source (now relatively old) Intel PCH chips off Aliexpress that are “unfused” and lack certain security features like Boot Guard (simplified explanation). I bought one of these chips and I intend to desolder the factory one on my motherboard and replace it with the Aliexpress one. This requires somewhat difficult BGA reflow but I have all the tools to do this.

I want to make a persistent implant/malware that survives OS reinstalls. You can also disable Intel (CS)ME and potentially use Coreboot as well, but I don’t want to deal with porting Coreboot to a new platform. I’m more interested in demonstrating how important hardware root of trust is.

gregsadetsky today at 1:17 AM

Yeah - these [0] kinds of cables are so extremely scary.

"The O.MG Cable is a hand made USB cable with an advanced implant hidden inside. It is designed to allow your Red Team to emulate attack scenarios of sophisticated adversaries"

"Easy WiFi Control" (!!!!!)

"SOC2 certification"? Dawg, the call is coming from inside the house...

[0] https://shop.hak5.org/products/omg-cable

commandersaki today at 1:42 AM

Just to be clear, suspicious in this sense is a cable that is likely counterfeit and wasn't able to do high-speed transfer, unlike the genuine known-good one.

nanolith today at 3:53 AM

I could spot the clone because I'm familiar with the form factor of the FTDI IC, and I'm familiar enough with the datasheet to spot the expected passives.

I'm not too keen these days with FTDI's reputation for manipulating their Windows device drivers to brick clones. So, while I'm familiar with their IC, I don't give them any more money. The next time I need a USB to serial cable, I'll bust out KiCad to build it using one of the ubiquitous ARM microcontrollers with USB features built in. Of course, this is easier for me, since I can write my own Linux or BSD device driver as well. Those using OSes with signing restrictions on drivers would have a harder time, unless they chose to disable driver signing.

userbinator today at 2:48 AM

After they infamously started going after clones, anything branded FTDI is automatically suspicious.

USB-serial adapters are not particularly special. Dozens of other manufacturers make them.

trinsic2 today at 1:26 AM

Jeez. I was not sure which image was the suspect one.

gnabgib today at 2:33 AM

Related USB-C head-to-head comparison (389 points, 2023, 219 comments) https://news.ycombinator.com/item?id=37929338

androng today at 2:22 AM

this is an advertisement for the company

stainablesteel today at 1:22 AM

it's a serious problem

they could be regulated to expose their chip with transparent covering rather than plain dark wiring