Beware: These legit-looking iPhone Lightning cables will hijack your computer

It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer, Joseph Cox explains for Vice Motherboard:

“It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable,” the security researcher known as MG who made these cables told Motherboard after he showed me how it works at the annual Def Con hacking conference.

One idea is to take this malicious tool, dubbed O.MG Cable, and swap it for a target’s legitimate one. MG suggested you may even give the malicious version as a gift to the target—the cables even come with some of the correct little pieces of packaging holding them together.

“It’s like being able to sit at the keyboard and mouse of the victim but without actually being there,” MG said.

“I’m currently seeing up to 300 feet with a smartphone when connecting directly,” he said, when asked how close an attacker needs to be to take advantage of the cable once a victim has plugged it into their machine. A hacker could use a stronger antenna to reach further if necessary, “But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited.” he added.

MacDailyNews Take: Things that make you want to use only a href=”https://amzn.to/2YSI4d6″ target=”_new”>genuine Apple Lightning cables that you’ve personally purchased and unpackaged.

https://twitter.com/MG/status/1159677729387581440

3 Comments

  1. I went to the site and read the story. The hacker claims these cables are (for now) hand modified real Apple cables. So Made is China? Yes, of course, all Apple Official Cables are made in China. But perhaps modified in the USA.

    However, there are elements of the story that don’t made any sense. The article states the hacker added components, “Instead, it had been modified to include an implant; extra components placed inside the cable letting the hacker remotely connect to the computer.” The pictures in the story show a cable virtually indistinguishable from an unmodified cable. My understanding is the Lightening cable has a chip in it. Unless the hacker has found a way to insert a software package into the existing chip that bootstraps itself into the Mac OS, I don’t see how this can work. I don’t think anyone could add a second chip(or chips) into the cable without changing the exterior appearance of the cable.
    So can a cable inject a virus unto a Mac? I suppose this is like putting malware on a USB key and plugging it into a computer. But how capable is the chip in a lightning cable?

    Also, I don’t enough about security on the Mac to if input from a lightning cable can bypass security and access the Mac with root access.

    The article seems like spreading FUD to me.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.