When it comes to avoiding viruses and malware, most people know not to open strange emails from unidentified senders or download something from an unsecured website, but few would be concerned about using an unknown charging cable for their phone. But one hacker has been working on a project to expand people’s awareness of what they should view as a potential threat.
A hacker known online as MG, outfitted a regular Apple USB Lightning cable with a tiny Wi-Fi-capable implant. When the deceitful cable is plugged into a PC, it allows a nearby hacker to run commands as if they were looking directly at the computer’s screen.
Known as the O.MG cable, it functions nearly exactly the same as a normal iPhone charging cable. Once the sneaky cable is connected to the victim’s PC, through a nearby Wi-Fi network, the hacker can wirelessly transfer malicious payloads to the computer with pre-set commands or their own custom code.
Once the attacker gains control, they can remotely deliver phishing pages that appear legitimate, or lock the computer’s screen and gather the user’s password when they attempt to log back in.
White hat crushes the idea that Apple devices are impenetrable
The Wi-Fi implant can be used on pretty much any cable, but MG decided to direct his first attempt on the Apple Lightning cable to display its effectiveness.
“This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types,” said MG. “Apple just happens to be the most difficult to implant, so it was a good proof of capabilities.”
MG’s day job as a red teamer at Verizon Media has him creating groundbreaking hacking techniques to discover and correct security weaknesses before malicious hackers have a chance to exploit them.
“Suddenly we now have victim-deployed hardware that may not be noticed for much longer periods of time,” MG explained. “This changes how you think about defense tactics. We have seen that the NSA has had similar capabilities for over a decade, but it isn’t really in most people’s threat models because it isn’t seen as common enough. Most people know not to plug in random flash drives these days, but they aren’t expecting a cable to be a threat”.
Working with other hackers to develop the code and find vulnerabilities, MG dedicated many hours and thousands of dollars out of his own pocket to establish the project. MG still has more plans to further advance the O.MG cable’s abilities.
“It really just comes down to time and resources at this point. I have a huge list in my head that needs to become reality,” said MG.