It looks-likke a Lightning cable, it works like a Lightning cable, and that i can use to connect keyboard to Mac. But it’s actually a malicious cable which can record everything I type, including passwords, & wirelessly send that data to a hacker who might be quite a mile away.
This is the remake of a series of penetration testing tools made by the safety researcher referred to as MG. MG previously demoed an earlier version of the cables for Motherboard at the DEF CON hacking conference in 2019. Shortly then , MG said he had successfully moved the cables into mass-production , & cybersecurity vendor Hak5 started selling the cables.
But the newer cables are available with new physical variations, including Lightning to USB-C, & include more capabilities for hackers to play with.
“There were people that said that Type C cables were safe from this sort of implant because there’s not enough space. So, clearly, I had to prove that wrong. :),” MG told Motherboard in a web chat.
The OMG Cables, as they’re called, work by creating a Wi-Fi hotspot itself that a hacker can connect with from their own device. From here, an interface in ordinary-browser lets the hacker start recording keystrokes. The malicious implant itself takes up around half the length of plastic shell, MG said.
MG said that the new cables now have geofencing features, where a user can trigger or block the device’s payloads based-on physical location of cable.
“It pairs well with the self-destruct feature if an OMG Cable leaves the scope of your engagement & you do not want your payloads leaking or being accidentally run against random computers,” he said.
Motherboard only tested the cables in relatively close proximity, but MG said they’ve improved the range of cables.
“We tested this out-in down-town Oakland and were ready to trigger payloads at over 1 mile,” he added.
He said that type-C cables allow same kind of attacks to be administered against smartphones & tablets. Various other improvements include being able to vary keyboard-mappings, the power to forge the identity of specific USB devices, like pretending to be a device that leverages a specific vulnerability on a system.
Apple didn’t answer an invitation for comment. The set of cables MG provided to Motherboard for testing purposes also included a black USB-C to USB-C cable, which might be designed to mimic cables related-to-different, non-Apple products.
The ongoing pandemic has also complicated manufacturing process for cables, MG explained.
“The pandemic has made an already difficult process far more difficult with the chip shortage. If any in-dividual component is out of stock, it’s basically impossible to seek out a replacement when fractions of millimeters are important. So I just need to wait 12+ months certain-parts to be available ,” MG told Motherboard in a web chat. “We will easily lose $10k in cables when testing a process change. During chip shortage, it’s hard to not check out a loss like that & see an entire bunch of dead components that can’t get replaced for over a year.”
The article re-published here from Vice.