• Home
  • News
  • Artificial Intelligence
  • Internet of Things
  • Open Source
  • Hardware
  • Software
  • Security
  • Whitepapers
  • Industry Voice
  • Data Strategy Spotlight
  • Newsletters
  • Whitepapers
    • Inqlogo 120x194
      Five things you should look for in choosing a Testing provider

      Choosing a Testing Partner can be complex.  So what do you look for?  This guide offers insight into the qualities you must look for in choosing a Testing provider.  Download now to learn more.

      Download
      Inqlogo 120x194
      Your questions answered: How to protect your data in the cloud

      The number of successful cyberattacks per year per company has increased by 46% over the last four years. But what really needs to be considered when exploring a solution? What questions need to be asked? Download to find out...

      Download
      Find whitepapers
      Search by title or subject area
      View all whitepapers
  • Follow us
    • Twitter
    • Newsletters
    • Facebook
  • Newsletter
  • Industry Voice
  • Data Strategy Spotlight
The Inquirer
The Inquirer
  • Home
  • News
  • Artificial Intelligence
  • Internet of Things
  • Open Source
  • Hardware
  • Software
  • Security
  • Trending
  • General election
  • Huawei sues FCC
  • Xerox vs HP
  • Galaxy S11
  • McAfee 2020
The Inquirer
  • Security

Modified malicious Lightning cables enable remote PC hacking

Thunderbolt ports and Lightning, very very frightening

Modified malicious Lightning cables enable remote PC hacking
Hacked Lightning cables could be the next security thing to worry about
  • Roland Moore-Colyer
  • Roland Moore-Colyer
  • @RolandM_C
  • 13 August 2019
  • Tweet  
  • Facebook  
  •  
  •  
  • Send to  
0 Comments

THE ONLY RISK Apple's Lightning cables have posted until now is frustration at Cupertino's insistence on a propitiatory connector for its iThingys. But that's changed, thanks to a security researcher flogging compromised cables that can help hijack a computer.

The security researcher or hacker - depending on who you listen to - goes by the name of _Mg_ on Twitter and flogged the malicious Lighting cable for $200 at this year's Def Con Las Vegas hacking convention. MG tweeted the cables had sold like hotcakes and that he was all out.

The hacking cable dubbed the O.MG cable - we see what you did there, pal - works just like a normal Lightning cable, charging an iPhone and transferring things to and fro between a connected PC and the iGadget. But the innocent-looking cable has a sting in its tail in the form of a WFi implant that allows a hacker with the correct software to tap into it and access the machine it's connected to through a device in wireless range.

However, if the cable connects to a WiFi network with external internet access, the cable could theoretically be used to hack a connected computer from across the world. An attacker using the cable could use the access to the computer to fire phishing pages into the victim's peepers or lock a PC then snaffle the password when the user tries to log back in, thereby compromising the system.

I will be dropping #OMGCables over the next few days of defcon.

I will also have 5g bags of DemonSeed, if that's your thing.

I've been very busy with @d3d0c3d & @clevernyyyy.

Details and update here: https://t.co/0vJf68nxMx

🌚🔥 pic.twitter.com/lARWTYHZU1

— _MG_ (@_MG_) 9 August 2019

While MG focussed the hack vector on Apple's proprietary cable, he told TechCrunch that was because it's the trickiest to hack and that the same technique would work on other USB cables.

"This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types," MG said. "Apple just happens to be the most difficult to implant, so it was a good proof of capabilities."

We can imagine such cables infiltrating stores, offices and homes and unwittingly opening a lot of Apple lovers to potential hacking.

MG told Motherboard that making the cable takes a bit of time; some four hours beavering away in his kitchen to modify a Lightning cable by hand. But once done, the cable has a WiFi range of 300ft and has a kill switch in it to erase the hacker's presence once they're done with their malicious PC prodding.

As far as hardware hacks go, we can't deny that this is a cool bit of kit, even for $200. And MG plans to sell more at a rate of at least one-per-day, though he seems to be presenting them as a security testing tool than a must-have accessory for your common cyber crims...yeah right. µ

Further reading

  • Handhelds
Apple's incoming iPad Pro 'confirmed' to ditch Lightning for USB-C
  • 19 Oct 2018
  • Handhelds
Apple's next iPad Pro might ditch Lightning for USB-C
  • 11 Sep 2018
  • Hardware
EU might force Apple to ditch Lightning connector in favour of USB
  • 07 Aug 2018
  • Phones
iPhone 8: Analyst rubbishes USB-C talk, points to fast charging via Lightning
  • 02 Mar 2017
  • Tweet  
  • Facebook  
  •  
  •  
  • Send to  
  • Topics
  • Security
  • Apple
  • Hacking
  • Lightning cable
  • iphone
  • Security

INQ Latest

china
China's Kylin forks are about to join up for new 'domestic os'

Might need to come up with a better name though

  • Software
  • 12 December 2019
iPhone users are officially more horny than Android fans

There's an app for *that*

  • Controversy
  • 12 December 2019
WhatsApp is giving up on some ageing phones

WhatsAppalava

  • Software
  • 12 December 2019
An ex-Apple executive claims the company spied on his phone after he left
An ex-Apple executive claims the company spied on his phone after he left

American as Apple Spy

  • Controversy
  • 11 December 2019
Back to Top

Most read

Apple's iPhone 12 looks set to boast improved battery life
Apple's iPhone 12 looks set to boast improved battery life
Microsoft debuts its first native Office app for Windows
Microsoft debuts its first native Office app for Linux
An ex-Apple executive claims the company spied on his phone after he left
An ex-Apple executive claims the company spied on his phone after he left
Facebook tells the US, UK and Australia that it won't be breaking chat encryption
Facebook tells the US, UK and Australia that it won't be breaking chat encryption
Silicon Valley: Final episode review
Silicon Valley: Final episode review
  • Contact
  • Marketing solutions
  • Enterprise IT Events
  • Incisive Media
  • Terms & conditions
  • Policies
  • Careers
  • Twitter
  • Newsletters
  • Facebook

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017