this post was submitted on 05 Feb 2026

409 points (98.1% liked)

Today I Learned

27871 readers

1042 users here now

What did you learn today? Share it with us!

We learn something new every day. This is a community dedicated to informing each other and helping to spread knowledge.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)

Rule 1- All posts must begin with TIL. Linking to a source of info is optional, but highly recommended as it helps to spark discussion.

** Posts must be about an actual fact that you have learned, but it doesn't matter if you learned it today. See Rule 6 for all exceptions.**

Rule 2- Your post subject cannot be illegal or NSFW material.

Your post subject cannot be illegal or NSFW material. You will be warned first, banned second.

Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.

Rule 4- No self promotion or upvote-farming of any kind.

That's it.

Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.

Rule 6- Regarding non-TIL posts.

Provided it is about the community itself, you may post non-TIL posts using the [META] tag on your post title.

Rule 7- You can't harass or disturb other members.

If you vocally harass or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.

Rule 8- All comments should try to stay relevant to their parent content.

Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.

Rule 10- Majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.

Partnered Communities

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

founded 2 years ago

MODERATORS

Rooki@lemmy.world

_MoveSwiftly@lemmy.world

Thekingoflorda@lemmy.world

DriftingDeep@lemmy.world

ericisshort@lemmy.world

Decoy321@lemmy.world

409

TIL for at last 15 years US government has been able to implant hardware into USB cables to turn them into hacking devices with wireless capability. (en.wikipedia.org)

submitted 2 days ago by brachiosaurus@mander.xyz to c/til@lemmy.world

74 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] fossilesque@mander.xyz 7 points 1 day ago (1 children)

Good thing I only buy cheap cables on aliexpress these days lmao

[–] TrollTrollrolllol@lemmy.world 5 points 1 day ago (1 children)

the Chinese government did it to those

[–] fossilesque@mander.xyz 1 points 1 day ago

As for now they are welcome to my data more than Palantir lol.

[–] Bad_Engineering@fedia.io 117 points 2 days ago (4 children)

You can now buy one for yourself online. https://shop.hak5.org/products/omg-cable

[–] SayJess@lemmy.blahaj.zone 29 points 2 days ago (2 children)

That is amazing. The x-ray of it is kind of scary, honestly. That little chip could be all it would take to get into an air-gapped machine.

[–] Rooskie91@discuss.online 20 points 2 days ago

Could?

[–] Bad_Engineering@fedia.io 10 points 2 days ago (3 children)

There are a ton of different payloads that can be run on these, for everything from simple keylogging, to root access, to network backdoors. I've only recently gotten into pentesting but with something like this there's no real limit to the damage that could be done with only a few seconds of physical access.

[–] thejml@sh.itjust.works 16 points 2 days ago (2 children)

Honestly, as a Systems/DevOps engineer it's always been well know that if you have physical access, you have zero chance of security. Sure it might take more time if precautions were followed, but you will be owned eventually, that's guaranteed.

load more comments (2 replies)

[–] dance_ninja@lemmy.world 19 points 2 days ago* (last edited 2 days ago) (2 children)

Crazy that the USB-A housing is big enough for that. Makes me want to avoid anything that's not C to C.

Edit: someone pointed out there's an option for C to C 💀

[–] moody@lemmings.world 25 points 2 days ago (3 children)

C-to-C is even worse because Usb-C requires a chip in the connector, and you never know what that chip is capable of. Usb-A would only have a chip in it if it's been tampered with.

load more comments (3 replies)

load more comments (1 replies)

[–] muusemuuse@sh.itjust.works 3 points 1 day ago

This is both incredible and horrifying at the same time

[–] dRLY@lemmy.ml 2 points 1 day ago

Came to check if anyone had already linked hak5. Glad to see you had shared the link!

[–] sommerset@thelemmy.club 22 points 1 day ago (1 children)

Ya no definitely. Anything just not a health care for people

[–] Salamanderwizard@lemmy.world 5 points 1 day ago

The government is that dude who'll talk a big game about how great he is, get ya in bed, fuck you and not even finger blast ya to the finish.

[–] YiddishMcSquidish@lemmy.today 23 points 1 day ago (2 children)

This is pretty much the reason I exclusively use dollar store cables and/or dedicated chargers. Saw a yt video about these things at an airport. The more I learn about tech, the more it makes me wanna uncle Ted the fuck out.

[+] GreenKnight23@lemmy.world 5 points 1 day ago (4 children)

[removed by mod]

[–] muusemuuse@sh.itjust.works 7 points 1 day ago* (last edited 1 day ago)

I do call center work in a health care environment. We get lots of scams. Most of them are bad and obvious but someone recently did the math and figured out the don’t need to be good to work.

Follow me for a moment.

Call comes in. It’s a recording. You know this recording. It’s a busy office environment. Paper rustling, typing, annoyed sigh exactly the same number of seconds in every call.

There is no response to your voice. But you have to say the same thing 3 times with no response before you can disconnect the call. So the recoding loops and you continue talking to the bot.

Why?

Well on my side, I know it’s dumb but I have to do it because metrics mean I can continue to almost afford to do things like eat food or masturbate in a warm house in the winter.

They do it because this bot lets them map out our IVR (whatever, it sucks now that it’s AI) and capture voice samples from people who are forbidden to hang up.

Now in years past this wouldn’t be all that useful. The samples are of reps saying basically the same damn thing. But we now live in the era of lifeless AI. So the bar has been lowered for what a legit interaction is. (Seriously, some places paid extra for a more “lifelike” AI that did everything the old EVA bot did but in an Indian accent with the sound of crumpling paper in the background and the occasional “um” thrown in.)

So those voice samples can be used to create a fake call center based on real employee voices. This is a known attack vector that is being used against us in health care right NOW.

But AI needs to profitable so nothing is done about it.

Seriously, they protect AI to such a ridiculous extent they know the scam is happening from the same phone number and they won’t block it or even issue it a challenge.

load more comments (3 replies)

[–] TerdFerguson@lemmy.world 3 points 1 day ago (1 children)

Yachts at sea.

[–] YiddishMcSquidish@lemmy.today 3 points 1 day ago

Yas Queen!

[–] rumba@lemmy.zip 9 points 1 day ago

You can just buy them

https://shop.hak5.org/products/omg-cable

[–] in_my_honest_opinion@piefed.social 83 points 2 days ago (3 children)

You might be interested in the full Snowden leak

https://github.com/iamcryptoki/snowden-archive

[–] MnemonicBump@lemmy.dbzer0.com 29 points 2 days ago (1 children)

Yeah, it's scary how much people don't remember/don't know

[–] chillpanzee@lemmy.ml 10 points 2 days ago (1 children)

And don't care.

[–] dRLY@lemmy.ml 3 points 1 day ago (1 children)

Maybe, might also be that since tech literacy has degraded since his leak. Which means that they don't care because they are overwhelmed with the information that they don't understand. Hell, I imagine that a lot of the press that where sent the information didn't fully understand.

The average person likely defaulted to what they always do, and just assumed that the leak meant the feds had to stop and treat it like any other historic reveal (example being stuff like COINTELPRO and believing that it was bad but isn't done anymore). Hell, a shocking amount of libs honestly thought that Biden was going to bring Medicare for All (even though he said he wasn't) just because he said "the Democratic Party is the party of healthcare" a few times.

[–] chillpanzee@lemmy.ml 2 points 1 day ago

I'm sure it's a spectrum, and some people may legitimately not be aware, but its been 13 years. As a society, we've had ample time to get literate and develop knowledge. Instead we've had three presidents from both major parties hold the line that Snowden was a criminal for blowing the whistle on rampant illegal surveillance, and all 3 of them just stepped on the gas.

Voters don't even see the irony in the pedophiles' ramping up the surveillance apparatus in the name of protecting the children.

load more comments (2 replies)

[–] pipi1234@lemmy.world 19 points 1 day ago

I knew about these, but always thought I could spot them.

I wouldn't!!!

[–] 9point6@lemmy.world 82 points 2 days ago

Not just the US government, anyone has been able to do this for years

[–] muusemuuse@sh.itjust.works 8 points 1 day ago

Dude, we’ve been able to do that with a fucking arduino for years.

[–] Gladaed@feddit.org 3 points 1 day ago

This is rather trivial to do. Micro chips are small.

[–] HugeNerd@lemmy.ca 5 points 1 day ago (1 children)

Joke's on you, I still use Firewire.

[–] nutsack@lemmy.dbzer0.com 4 points 1 day ago

yeah that's a good joke

[–] DeathByBigSad@sh.itjust.works 27 points 2 days ago (4 children)

Pro Tip: Leave a unique mark somewhere on the cable so if someone switches it, you can tell it apart. Always check for the mark before you use the cable, every time.

(Yes I actually do this, I'm paranoid)

load more comments (4 replies)

[–] otter@lemmy.ca 18 points 2 days ago (2 children)

You can see a CT scan of one of these

https://www.techspot.com/news/105863-usb-c-cable-can-hide-lot-malicious-hardware.html

load more comments (2 replies)

[–] Itdidnttrickledown@lemmy.world 7 points 1 day ago* (last edited 1 day ago)

Any government and crooks as well. Its been possible a lot longer than fifteen years.

Compromising computers with tech is nearly as old as computers themselves. The wireless aspect makes it more convenient but in no way is doing so new.

[–] fallaciousBasis@lemmy.world 16 points 2 days ago

Anyone can do this.

[–] Zer0_F0x@lemmy.world 27 points 2 days ago

We found out 15 years ago the hardware is probably older

[–] 7rokhym@lemmy.ca 18 points 2 days ago (2 children)

USB condoms for charging exist for a reason.

load more comments (2 replies)

[–] possiblylinux127@lemmy.zip 6 points 1 day ago (2 children)

I am not terribly worried about USB/thunderbolt attacks since Android requires authentication before it does anything.

[–] unit327@lemmy.zip 6 points 1 day ago (1 children)

Lol, plug a usb mouse or keyboard into your android and it will just work. Anything you can do these things can do.

[–] possiblylinux127@lemmy.zip 3 points 1 day ago* (last edited 1 day ago)

My phone still requires auth to use plus there is no way for them to get what's on the screen. I'm also pretty sure that typing a pin requires the screen but I could be mistaken.

Even if there was a way to attack from USB, I still wouldn't be that worried. USB attacks typically are only used against targeted individuals not some rando. The reason why you see warnings about chargers is because it makes easy clickbait.

[–] DeathByBigSad@sh.itjust.works 5 points 1 day ago (2 children)

No permission needed for a keyboard to open up a malicious webpage.

Yes a keyboard. Your USB cable wears a trench coat that says "Hey I'm a Keyboard, lemmy in"

load more comments (2 replies)

[–] Widdershins@lemmy.world 8 points 2 days ago (1 children)

I've been using wireless chargers for years. I find it "more secure" in the sense that my phone's port is full of gunk and if I want to wake up with full batteries I can count on wireless a lot more.

[–] HubertManne@piefed.social 5 points 2 days ago

I like wireless and magnetic mainly because fucking up the cable is like the most common thing I might do to a device. not saying I do it all the time but its the most likley break to happen.

[–] quediuspayu@lemmy.dbzer0.com 11 points 2 days ago

https://darknetdiaries.com/episode/161/

There's a darknet episode about these cables

load more comments