These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer
Electronics & Gadgets  
vice

It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.

 

I plugged the Apple lightning cable into my iPod and connected it to my Mac, just as I normally would. My iPod started charging, iTunes detected the device, and my iPod produced the pop-up asking if I wanted to trust this computer. All expected behaviour.
 
But this cable was hiding a secret. A short while later, a hacker remotely opened a terminal on my Mac's screen, letting them run commands on my computer as they saw fit. This is because this wasn't a regular cable. Instead, it had been modified to include an implant; extra components placed inside the cable letting the hacker remotely connect to the computer.
 
"It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable," the security researcher known as MG who made these cables told Motherboard after he showed me how it works at the annual Def Con hacking conference.
 
One idea is to take this malicious tool, dubbed O.MG Cable, and swap it for a target's legitimate one. MG suggested you may even give the malicious version as a gift to the target—the cables even come with some of the correct little pieces of packaging holding them together.
 
MG typed in the IP address of the fake cable on his own phone's browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim's computer.
 
"It’s like being able to sit at the keyboard and mouse of the victim but without actually being there," MG said.
 
The cable comes with various payloads, or scripts and commands that an attacker can run on the victim's machine. A hacker can also remotely "kill" the USB implant, hopefully hiding some evidence of its use or existence.
 
MG made the cables by hand, painstakingly modifying real Apple cables to include the implant.
 
"In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable. And these prototypes at Def con were mostly done the same way," he said. MG did point to other researchers who worked on the implant and graphical user interface. He is selling the cables for $200 each.
 
In the test with Motherboard, MG connected his phone to a wifi hotspot emanating out of the malicious cable in order to start messing with the target Mac itself.
 
"I’m currently seeing up to 300 feet with a smartphone when connecting directly," he said, when asked how close an attacker needs to be to take advantage of the cable once a victim has plugged it into their machine. A hacker could use a stronger antenna to reach further if necessary, "But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited." he added.
 
Now MG wants to get the cables produced as a legitimate security tool; he said the company Hak5 is onboard with making that happen. These cables would be made from scratch rather than modified Apple ones, MG said.
 
MG added, "Apple cables are simply the most difficult to do this to, so if I can successfully implant one of these, then I can usually do it to other cables."

 
 


 
 


 
More in Electronics & Gadgets
Bajaj Pulsar 125 Neon Launched In India; Priced At ₹ 64,000

The Bajaj Pulsar 125 Neon is the entry-level model in the Bajaj Pulsar family, and will offer an affordable Pulsar with prices expected to go up for the 150 cc Pu...

Recently posted . 20 views

Jio GigaFiber plans to start from Rs 700 per month, offer 4K set-top b...

Jio has announced the GigaFiber commercial service in India. GigaFiber will launch on September 5 and will offer plans starting from Rs 700 per month.

Recently posted . 22 views

DSLR Firmware Flaw Can Leave You Vulnerable to Ransomware: Here's How ...

A recent report by Check Point Software stated how hackers can easily transfer malicious software to DSLRs, thereby putting even cameras at risk of ransomware att...

Recently posted . 18 views

Keeping Women's Safety In Mind, Hyderabad Man Invents 'Smart Bangles' ...

A young man in Hyderabad has come up with a brilliant idea keeping the security of women in mind. 23-year-old Gadi Harish claims that he invented ‘smart ban...

1 week ago . 20 views

Google Admits Most Android Users Prefer Three Button Navigation And No...

Android Q, the next version of Android, will have gesture navigation as default but there will be the option to switch to the navigation keys.

1 week ago . 18 views

 
 
 

Prashnavali

Thought of the day

“Most of the shadows of this life are caused by standing in one’s own sunshine.”
Ralph Waldo Emerson