Global cyber security firms have been releasing advisories on how to stay protected from the threats lurking online. But what if someone takes advantage of a piece of hardware to compromise your PC, and you don’t even understand how that happened? A security researcher, who has a Twitter handle by the name @_MG_, has customised an Apple Lightning Cable that can give him access to the computer of the cable’s user. Worried now? Read on to know more.
The cable looks like the one offered by Apple, and works exactly like it’s supposed to. But it also gives an attacker a way to remotely tap into your computer. What you need to do is to connect your iPhone, iPad or iPod that has a port for a regular Lightning Cable to a PC. You must be thinking that why would you do that? Obviously to charge it or sync/update your data, which basically a normal thing iPhone users would do.
How does an attacker gets access to the PC?
As mentioned, this cable is custom-made and the maker has added an implant in it. That component emanates a wifi hotspot that can assist the attacker to open a terminal and run commands on the PC. In fact, the cable, called O.MG Cable, comes with various payloads, or scripts and commands that an attacker can run on the victim's machine. The researcher (MG) typed in the IP address of the fake cable on his own phone's browser, and ran tools on the victim's computer. Moreover, the hacker can also remotely “kill” the USB implant to hide evidence of its use or existence, Vice reported.
“It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable. It’s like being able to sit at the keyboard and mouse of the victim but without actually being there,” the security researcher told Motherboard. MG suggested that people can swap it for a target's legitimate one or even gift this rigged cable to the target.
Reportedly, MG made these cables by hand. “In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable. And these prototypes at Def con were mostly done the same way,” he was quoted as saying. He is selling the cables for $200 each, and what’s interesting is that people are actively showing interest in buying this malicious cable. He showed a demo at DEF CON, an underground hacking conference that was held from August 8-11 in Las Vegas, Nevada.
“I’m currently seeing up to 300 feet with a smartphone when connecting directly,” he said, adding that a hacker can use a stronger antenna to expand the reach. “But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited,” he added. The researcher, however, wants to use this hack as a legitimate security tool. “Apple cables are simply the most difficult to do this to, so if I can successfully implant one of these, then I can usually do it to other cables,” he said, adding that these cables can be made from scratch rather than modified Apple ones.
I will be dropping #OMGCables over the next few days of defcon.
I will also have 5g bags of DemonSeed, if that’s your thing.
I’ve been very busy with @d3d0c3d & @clevernyyyy.
Details and update here: https://t.co/0vJf68nxMx