The O.MG Cable (developed by Mischief Gadgets / MG) is perhaps the most insidious attack tool in modern cybersecurity. It looks exactly like a normal USB charging cable – including original branding and connector design – but contains a miniaturized microcontroller and a Wi-Fi chip inside the USB plug. An attacker can control the cable remotely via their own Wi-Fi network and launch attacks at any time while the cable is connected to the computer.
The attacker opens a web interface and sends commands to the cable – at any time, even hours after it was plugged in. The cable executes them as keystrokes.
Attacks can be time-scheduled – e.g. in the middle of the night when the computer was left unlocked.
The cable is swapped with the victim's original cable. This "evil maid" attack is particularly insidious in hotels or at unattended workplaces.
A keystroke injection can open a reverse shell, giving the attacker persistent, interactive access – without any additional hardware.
Files, passwords, or keys can be exfiltrated via the cable – the USB cable itself is the data channel.
The cable is ideal for targeted attacks on individuals: placed as a "gift" or deliberately left behind, the victim plugs it in themselves.
The cable is plugged in – the victim thinks they're charging their device. The attacker opens the web interface and triggers the attack.
Visually undetectable: The O.MG Cable passes visual inspection. Even experienced security professionals cannot distinguish it from a real cable without measurement equipment.
Patience: The attacker doesn't need to be present during the attack. The cable waits patiently for the optimal moment.
No suspicion: "My laptop is charging" – nobody thinks of an attack. The cable does nothing conspicuous until the attack is triggered.
Affordable and available: The cable costs approximately $150–200 USD and is publicly available.
1. Only use your own cables: Never use someone else's USB cable – even briefly for charging. Always carry your own cable.
2. Use USB data blockers: Special USB adapters (so-called "USB condoms") allow only power, no data communication – keystroke injection is impossible.
3. Disable USB ports: In high-security environments, unused USB ports can be locked down.
4. Never leave your computer unlocked: Even an O.MG Cable can't do anything if the computer is password-locked (BadUSB cannot bypass a lock screen).
5. Watch for unusual activity: Suddenly opening terminals or command prompts are a warning sign.