FRESH

Hacker News

Home

We X-Rayed a Suspicious FTDI USB Cable

198 points by aa_is_op

by ChrisMarshallNY

5 subcomments

To be fair, this story is basically an ad, but a pretty good one, and many featured HN stories are really marketing. Personally, I don’t mind marketing stuff, if it’s interesting and relevant (like this).
But the fact that most comms cables, these days, have integrated chips, makes for a dangerous trust landscape. That’s something that we’ve known for quite some time.
BTW: I “got it right,” but not because of the checklist. I just knew that a single chip is likely a lot cheaper than a board with many components, and most counterfeits are about selling cheap shit, for premium prices.
But if it were a spy cable, it would probably look almost identical (and likely would have a considerably higher BOM).

by invokestatic

4 subcomments

I have a slow burn project where I simulate a supply chain attack on my own motherboard. You can source (now relatively old) Intel PCH chips off Aliexpress that are “unfused” and lack certain security features like Boot Guard (simplified explanation). I bought one of these chips and I intend to desolder the factory one on my motherboard and replace it with the Aliexpress one. This requires somewhat difficult BGA reflow but I have all the tools to do this.
I want to make a persistent implant/malware that survives OS reinstalls. You can also disable Intel (CS)ME and potentially use Coreboot as well, but I don’t want to deal with porting Coreboot to a new platform. I’m more interested in demonstrating how important hardware root of trust is.

by hex4def6

1 subcomments

I'm failing to see the smoking gun here.
There are two ways you could interpret "counterfeit".
1. Fake IC (identifies as FTDI 232 IC), fake cable (FTDI logo on it)
2. Real IC, fake cable (eg, I buy the FTDI IC and make the cable, and sell it as an "official" FTDI cable).
(1) is I assume what they mean in this instance., but you could argue (2) is also possible. However, they make no mention of the packaging both calling them "FTDI" cables. Instead, I assume they're going off what they report to the OS as.
FTDI have been around for decades, and the offhand "old cable we had kicking around" could easily mean its 15+ years old. That might easily explain the chip size difference. In this case, FTDI did make TSSOP 28-pin chips for a long time. They're now obsolete, superseded by SSOP package variants (like in the "Real" picture). Put another way, this is like comparing an i5-10400 to a Pentium II that I found in my storage closet and declaring the Pentium II fake.
The actual fake chips visually look identical to the real ones. Obviously, otherwise they wouldn't get mixed into the supply chain.
The only real conclusion they can realistically make from these x-rays are that they're not the same cable (but even then, I don't know if FTDI real cables have silently upgraded the internals while retaining the same SKU).

by gregsadetsky

1 subcomments

Yeah - these [0] kinds of cables are so extremely scary.
"The O.MG Cable is a hand made USB cable with an advanced implant hidden inside. It is designed to allow your Red Team to emulate attack scenarios of sophisticated adversaries"
"Easy WiFi Control" (!!!!!)
"SOC2 certification"? Dawg, the call is coming from inside the house...
[0] https://shop.hak5.org/products/omg-cable

by sllabres

0 subcomment

From the article: "The consequences for a consumer buying a shady USB cable likely aren’t too bad".
I can't second that, but more to the software/driver side.
Without my knowledge, I once had a counterfeit cable that costed several days of my life. At that time, the FTDI drivers recognized (and as I read did some other things [1]) that a counterfeit cable was connected, but instead of simply disabling the function, they impeded it. In my case: After pressing the first few keys on terminal connection, the transmission from the device to the PC worked, but not the reverse direction. A long search for the error came to an end after I replaced the USB/RS232 with a new one. This was with windows, with Linux even the counterfeit worked.
[1] https://www.elektroda.com/qa,ftdi-ft232-scandal-driver-brick...

by commandersaki

0 subcomment

Just to be clear suspicious in this sense is a cable that is likely counterfeit and wasn't able to do high speed transfer unlike the genuine known good one.

by nanolith

3 subcomments

I could spot the clone because I'm familiar with the form factor of the FTDI IC, and I'm familiar enough with the datasheet to spot the expected passives.
I'm not too keen these days with FTDI's reputation for manipulating their Windows device drivers to brick clones. So, while I'm familiar with their IC, I don't give them any more money. The next time I need a USB to serial cable, I'll bust out KiCad to build it using one of the ubiquitous ARM microcontrollers with USB features built in. Of course, this is easier for me, since I can write my own Linux or BSD device driver as well. Those using OSes with signing restrictions on drivers would have a harder time, unless they chose to disable driver signing.

by userbinator

1 subcomments

After they infamously started going after clones, anything branded FTDI is automatically suspicious.
USB-serial adapters are not particularly special. Dozens of other manufacturers make them.

by dotancohen

1 subcomments

The suspect cable actually seemed to have better strain relief for wire connections and more solder on the USB A connector (transfers mechanical stress better), even though the author pointed them out as features of the authentic cable.

by trinsic2

4 subcomments

Jeese. I was not sure which image was the suspect one.

by tamimio

0 subcomment

Interesting, not too useful as I doubt most of the readers here have that Xray machine.
I remember years ago I had similar issue, I got one of those FTDI USB cable to interfere with a drone payload, and it was simpler to just plug in the USB cable into the jetson rather than having a small exposed circuit around, but I ended up having performance issues and interruptions that eventually I replaced it with traditional FTDI exposed circuit, I still have the cable till now but I don’t have the X ray machine to check!

by gnabgib

0 subcomment

Related USB-C head-to-head comparison (389 points, 2023, 219 comments) https://news.ycombinator.com/item?id=37929338

by avadodin

0 subcomment

I couldn't tell a thing about the naqqadah resistor positron-brain whattamajig on the right answer but the wrong answer looked too neat for something actual people would design.

0 subcomment

by MiiMe19

0 subcomment

The bottom one is suspicious because it is bigger !!!!!

by thesaintlives

0 subcomment

We bought an x-ray machine and need customers...

by androng

0 subcomment

this is an advertisement for the company

by stainablesteel

0 subcomment

it's a serious problem
they could be regulated to expose their chip with transparent covering rather than plain dark wiring

by d0ublespeak

0 subcomment

This is such a nothing burger corporate ad. They purchased a cheap cable and it sucks. So let’s X-ray it and make a thought piece post about implants…