• OutlierBlue@lemmy.ca
    link
    fedilink
    English
    arrow-up
    35
    arrow-down
    17
    ·
    17 days ago

    So the manufacturer isn’t spying on you, it just designed a product so someone else could hack you instead? That doesn’t make it sound any better.

    The end result is the same: be careful what cables you plug into your device.

    • kn33@lemmy.world
      link
      fedilink
      English
      arrow-up
      76
      ·
      17 days ago

      The end result is the same: be careful what cables you plug into your device.

      Sure, but this is clickbait at best. It’s not a revelation that this cable contains that hardware.

    • nondescripthandle@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      67
      arrow-down
      1
      ·
      edit-2
      17 days ago

      Its designed to be used for pen testers so they don’t have to spend $20,000 on the alternative cable. Its a single cable thats costs like $200, so im not really worried many people are going to get hacked because they accidentally bought a $200 cable.

      • Arbiter@lemmy.world
        link
        fedilink
        English
        arrow-up
        27
        arrow-down
        3
        ·
        17 days ago

        The bigger concern is a supply chain attack, where an actor targets a specific buyer or agency with these cables.

        • nondescripthandle@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          18
          ·
          17 days ago

          Yeah that makes sense, im no expert but whats that saying ‘physical access is root access’ or something along those lines. Id imagine this is true (in spirit at least) about the cables.

        • Delta_V@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          17 days ago

          The capability itself is concerning. This bespoke cable might cost $200, but what would the unit cost be if a state decided to mass produce them?

          • Arbiter@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            ·
            17 days ago

            Even at 200 per unit a state actor could certainly see it as worth the cost for a specific attack.

    • AnyOldName3@lemmy.world
      link
      fedilink
      English
      arrow-up
      24
      ·
      17 days ago

      The intended use for this kind of product is that you hire a company to break into your company, and then tell you how they did it so that criminals (or, if you’re someone like a defence contractor, foreign spies) can’t do the same thing later. Sometimes they’re also used by journalists to prove that the government or a company isn’t taking necessary precautions or by hobbyists at events where everyone’s aware that everyone else will try to break into their stuff. There’s typically vetting of anyone buying non-hobbyist quantities of anything, and it’s all equipment within theoretical reach of organised crime or state actors, so pentesters need to have access, too, or they can’t reasonably assess the real-world threat that’s posed.

    • webghost0101@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      14
      ·
      17 days ago

      There are plenty of hacking devices on the market equal or worse than this. The truth is you want these devices available in the public so people are award of them and nerds can learn how to protect against them.

      The malicious inclined wont care about legal availability and some tinkers will make them if not only for the technical challenge.

    • TimeSquirrel@kbin.melroy.org
      link
      fedilink
      arrow-up
      4
      ·
      17 days ago

      These sorts of tools and knowledge should be free and open, so people can test their own systems and learn how to defend against them. They aren’t inherently bad themselves. As with firearms, it’s all about what you do with it.

      Hiding a potential exploit from the general public does them no good.