To be fair, this story is basically an ad, but a pretty good one, and many featured HN stories are really marketing. Personally, I don’t mind marketing stuff, if it’s interesting and relevant (like this).
But the fact that most comms cables, these days, have integrated chips, makes for a dangerous trust landscape. That’s something that we’ve known for quite some time.
BTW: I “got it right,” but not because of the checklist. I just knew that a single chip is likely a lot cheaper than a board with many components, and most counterfeits are about selling cheap shit, for premium prices.
But if it were a spy cable, it would probably look almost identical (and likely would have a considerably higher BOM).
That tickled a memory of a video... and I hunted it up.
Adam Savage's Tested : Look Inside Apple's $130 USB-C Cable - https://www.youtube.com/watch?v=AD5aAd8Oy84 (1 minute in "we've been saying that our phones have more computing power than the Apollo guidance computer but I'm positive now that this cable has more computing power than the Apollo guidance computer")
That video is a look at cables (not just Apple's) with Lumafield's CT Scan.
Lumifield quite recently showed on Adam Savage's Tested again, with some literal insights on a reasonably-diverse array of different 18650 cells: https://www.youtube.com/watch?v=AD5aAd8Oy84
It's a good watch, and I learned some new stuff about some things that I only knew a little bit about before.
It would be a pretty amusing demonstration to plug in the cable to a display, then pretend to plug the other end into an imaginary computer sitting nearby and have something boot up on the display.
It'd be a cool physical demonstration at a cybersecurity roadshow.
A concern: with all this computing onboard, does this mean a malicious USB-C cable could record screen and keystroke?
Often the keyboard receiver is plugged into the monitor's USB hub and so screen and HID are both going along a single cable ... Which also does power delivery. Such cables are a definite "sales category" and could be a target for supply chain attacks. But if they now have chips onboard, doesn't that mean an attacker could even takeover a genuine cable? It seems like a real risk tbh.
> A concern: with all this computing onboard, does this mean a malicious USB-C cable could record screen and keystroke?
Keystrokes: Easily. At least for USB 3 and 4, USB 1/2 data is a physically separate channel that just happens to almost always be packaged alongside the faster stuff, so the lower speed stuff like input devices is easy to intercept. I don't know if Thunderbolt does the same or not, normally USB-C alternate modes still keep the USB 2.0 signals available but Thunderbolt might be an exception.
Screen: Probably not modern video modes in a purely stealthy cable formfactor *YET*, at least not using COTS parts, but it wouldn't surprise me to find the secret squirrel types either already have it or are working on it.
It is possible that the tech exists, but isn't yet at a point that it can be easily mass-produced, which means "spy cables" may actually be available, from Q-types.
Was going to say the same thing. With way more processing power you could output the video over USB-C/TB at one end and connect a keyboard at the other.
I also got it right, but for the entirely wrong reasons!
I assumed the "suspicious" cable was a spy cable, and then guessed that the bigger integrated circuit was probably responsible for doing secret spy stuff, while the smaller circuit up top was all that was needed for ordinary cable work. Turns out the cables do basically the same thing (no fancy spying!), and one is just cheaper.
Similar reasoning, don't know if it's "wrong" reasoning.
The large chip looks like it's purposely placed to intercept every single incoming signal, and then route them through afterward. Just because they're "experts" does not mean they notice issues that a "naive" observer might have noticed. Get lost in the trees.
It looks like a big chip for doing "secret spy stuff".
I felt the same way reading this. A fake FTDI cable? I mean there's no way right? I've never bothered to verify but I'm pretty sure I don't actually even have a single authentic one. I wouldn't know where to order from if I wanted an authentic one.
I got it right too. But for an entirely naive reason. The smaller the components the more complex machines you would need - more expensive. Plus the more wiring on the io 3 vs 3+
Huh! I originally thought the bottom one was authentic because the main IC looked a lot “nicer”. Then I saw the jumble of wires to the right and rethought.
If you look closely at the bottom one, almost all the components are slightly askew, while the top one has everything at neat 90 degrees. And a smaller IC almost always means the more modern/expensive IC. Same for the other components. In fact, the top one has a much higher component count, the small components just don't show up well (look at the pads though).
Also look at the number unused/unconnected pins on the chip. The fake seems to be using a generic chip programed to act like the real thing. The extra pins are for functions it doesnt need in this use case. A professional-grade product will use a carefully-selected chip with no extra capabilities or unused pins.
If you look at enough cheapo/handmade circuit boards you'll notice they often look like the bottom one. Cramped, untidy, or otherwise odd trace layout, poor part placement, poor soldering. The top one - although looking less space efficient because there's more going on - is layed out better. The design just flows in a way amateur designs don't.
But the fact that most comms cables, these days, have integrated chips, makes for a dangerous trust landscape. That’s something that we’ve known for quite some time.
BTW: I “got it right,” but not because of the checklist. I just knew that a single chip is likely a lot cheaper than a board with many components, and most counterfeits are about selling cheap shit, for premium prices.
But if it were a spy cable, it would probably look almost identical (and likely would have a considerably higher BOM).