Legit-looking modified lightning cables can be used to access Apple devices remotely
A security researcher has created a modified Apple Lightning cables that could potentially allow an attacker to remotely access your Mac computers.
The inventor of the cable, only known as _MG_ on Twitter, demonstrated the Apple USB Lightning cable dubbed as “OM.G Cable” at the Def Con hacking conference in Las Vegas over the weekend.
According to MG, the malicious cable is indistinguishable from a normal Lightning cable and works exactly like a legitimate Apple Lightning cable such as charging phones and syncing data.
I will be dropping #OMGCables over the next few days of defcon.
I will also have 5g bags of DemonSeed, if that’s your thing.
Details and update here: https://t.co/0vJf68nxMx
— _MG_ (@_MG_) August 9, 2019
“MG typed in the IP address of the fake cable on his own phone’s browser and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim’s computer,” reports Motherboard.
The cable comes with a wireless implant that allows the hack to take place. Once plugged into your device, hackers can access the computer via a Wi-Fi hotspot it creates and wirelessly transmits malicious payloads, scripts, and commands on the victim’s computer.
It allows attackers to execute commands over Wi-Fi as if the victims are sitting in front of the system, issuing commands with a mouse and keyboard.
Further, hackers can control a computer connected to one of these cables from up to 300 feet away. The cables also include a “kill switch” to hide evidence of any suspicious activity or its existence. As a result, hacked computers and their users won’t be able to notice a difference until their device is completely taken over.
“It looks like a legitimate cable and works just like one,” said MG, speaking to Motherboard. “Not even your computer will notice a difference – until I, as an attacker, wirelessly take control of the cable.”
MG who made the cables himself by modifying real Apple cables to include the implant now wants to get the cables produced as a legitimate security tool. He is teaming up with Hak5, a company that sells pentest devices, to build these cables right from scratch rather than from altered Apple cables.
MG is selling the OM.G cables to the Def Con customers for $200. “Apple cables are simply the most difficult to do this to, so if I can successfully implant one of these, then I can usually do it to other cables,” concluded MG.
In order to keep your devices safe from such tools, it is always a good idea to avoid buying cables from untrusted vendors and only use the cable received in your iPhone box.
Apple too recommends using only those accessories that Apple has certified, and that comes with the “Made for Apple” symbol.
“To identify counterfeit or uncertified cables and accessories, look carefully at the accessory’s packaging and at the accessory itself,” Apple explains.
“Certified third-party accessories have the MFi badge on their packaging.
“An Apple Lightning to USB cable has “Designed by Apple in California” and either “Assembled in China,” “Assembled in Vietnam,” or “Indústria Brasileira” on the cable about seven inches from the USB connector.
“You’ll see a 12-digit serial number at the end of this text.
“A certified, third-party Lightning to USB cable usually has company branding on the Lightning-connector end.”