Little Gadgets’ Hacknect cable packs an ESP32‑S3, microSD slot and full‑speed USB into a normal‑looking USB‑A lead. The device is controllable from a browser, supports HID keystroke and mouse injection, Wi‑Fi triggers and a self‑destruct mode, and will ship to backers in August. Its open‑source firmware and sub‑$82 price point make it a cheaper, community‑focused alternative to the O.MG cable.
Announcement
A Kickstarter campaign for the Hacknect cable has crossed the $1 million mark only three weeks after launch. The project, backed by Little Gadgets, promises a USB‑A to USB‑C lead that looks identical to an off‑the‑shelf charging cable but hides an ESP32‑S3 microcontroller, a microSD slot and 2.4 GHz Wi‑Fi inside the Type‑A connector. Backers can purchase the red or white version for $82 (≈ €70), with the first production run slated for August 2024.
{{IMAGE:2}}
Technical specifications
| Feature | Detail |
|---|---|
| Processor | Espressif ESP32‑S3 – dual‑core, 240 MHz, AI‑accelerated vector extensions |
| Wireless | 802.11b/g/n Wi‑Fi, Bluetooth 5.0 LE |
| Storage | Built‑in microSD/TF slot (up to 32 GB) directly on the USB‑A housing |
| USB mode | Full‑speed (12 Mbps) USB 2.0, supports data + power |
| Power draw | ≤ 100 mA idle, ≤ 500 mA during HID bursts |
| Firmware | Open‑source, based on ESP‑IDF, hosted on GitHub (link) |
| Control interface | Browser‑based UI served over Wi‑Fi (no driver install) |
| Security | Self‑destruct wipe, encrypted payload storage, optional OTA signing |
How the hardware fits inside a cable
The ESP32‑S3 is normally sold on a 5 × 5 mm dev‑kit board. Little Gadgets has re‑engineered the die‑level package to sit inside the USB‑A shell, sharing the same pins that would normally carry D+ and D‑ lines. The microSD card slides into a recessed slot on the opposite side of the same connector, keeping the overall diameter under 4 mm – indistinguishable from a regular charging lead.
Firmware capabilities
- Keystroke injection – HID reports are generated at up to 500 Hz, allowing rapid password‑spraying or command‑line payloads.
- Mouse automation – Precise cursor moves, scroll events and drag‑and‑drop sequences are programmable.
- Payload slots – Up to 8 binary payloads can be stored on the SD card, each addressable via a REST‑like endpoint.
- Wi‑Fi triggers – A simple HTTP GET to
http://<device>/run/1fires the first payload; the same endpoint can be secured with basic auth. - One‑click deployment – The web UI presents a “Launch” button that streams the selected payload over USB instantly.
- Self‑destruct mode – A hardware button on the cable shorts the SD power rail, erasing the card in < 2 seconds.
Open‑source advantage
Unlike the proprietary O.MG cable, Hacknect’s source code, board schematics and a starter‑kit of payload examples will be released under the MIT license. This enables security researchers to audit the firmware, add custom modules, or integrate the device into larger test rigs without legal barriers.
Market implications
- Price pressure on stealth‑USB tools – At $82, Hacknect undercuts the O.MG cable’s retail price (~$200) by more than 60 %. If production yields meet the Kickstarter timeline, we could see a rapid shift toward community‑driven hardware for red‑team engagements.
- Supply‑chain considerations – The ESP32‑S3 is fabricated by TSMC on a 40 nm node, with annual capacity in the high‑millions. Little Gadgets’ reliance on a single microcontroller model means any fab‑related shortage (e.g., the recent 2023‑24 Wi‑Fi chip shortage) could delay shipments beyond the promised August window.
- Regulatory scrutiny – Devices that combine USB HID functionality with wireless command channels fall under the same export‑control categories as penetration‑testing tools. Open‑source distribution may attract attention from customs agencies in the EU and US, potentially prompting classification as “dual‑use” equipment.
- Education and training market – The low entry price and browser‑based UI make Hacknect attractive for cybersecurity labs, university courses and maker‑space workshops. Vendors of cyber‑range platforms may adopt the cable as a standard “physical‑access” vector.
- Potential for abuse – While the project markets itself to “makers, developers, enthusiasts, and learners,” the same capabilities enable covert data exfiltration, credential harvesting and supply‑chain attacks. Organizations should update their USB device policies to include detection of anomalous HID traffic, even from cables that appear innocuous.
The Hacknect campaign continues to accept backers until June 12, 2024. For the latest updates, see the official Kickstarter page (link).
Comments
Please log in or register to join the discussion