THE ONLY RISK Apple's Lightning cables have posed until now is frustration at Cupertino's insistence on a proprietary connector for its iThingys. But that's changed, thanks to a security researcher flogging compromised cables that can help hijack a computer.
The security researcher or hacker - depending on who you listen to - goes by the name of _MG_ on Twitter and flogged the malicious Lightning cable for $200 at this year's Def Con hacking convention in Las Vegas. MG tweeted the cables had sold like hotcakes and that he was all out.
The hacking cable, dubbed the O.MG cable - we see what you did there, pal - works just like a normal Lightning cable, charging an iPhone and transferring things to and fro between a connected PC and the iGadget. But the innocent-looking cable has a sting in its tail in the form of a WiFi implant that allows a hacker with the correct software to tap into it and access the machine it's connected to through a device in wireless range.
However, if the cable connects to a WiFi network with external internet access, the cable could theoretically be used to hack a connected computer from across the world. An attacker using the cable could use the access to the computer to fire phishing pages into the victim's peepers or lock a PC then snaffle the password when the user tries to log back in, thereby compromising the system.
"I will be dropping #OMGCables over the next few days of defcon.
I will also have 5g bags of DemonSeed, if that's your thing.
I've been very busy with @d3d0c3d & @clevernyyyy.
Details and update here: https://t.co/0vJf68nxMx"
- _MG_ (@_MG_), 9 August 2019
While MG focussed the hack vector on Apple's proprietary cable, he told TechCrunch that was because it's the trickiest to hack and that the same technique would work on other USB cables.
"This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types," MG said. "Apple just happens to be the most difficult to implant, so it was a good proof of capabilities."
We can imagine such cables infiltrating stores, offices and homes and unwittingly opening a lot of Apple lovers to potential hacking.
MG told Motherboard that making the cable takes a bit of time; some four hours beavering away in his kitchen to modify a Lightning cable by hand. But once done, the cable has a WiFi range of 300ft and has a kill switch in it to erase the hacker's presence once they're done with their malicious PC prodding.
As far as hardware hacks go, we can't deny that this is a cool bit of kit, even for $200. And MG plans to sell more at a rate of at least one per day, though he seems to be presenting them as a security testing tool rather than a must-have accessory for your common cyber crims... yeah right. µ