A new updated version of a malicious Lightning cable that can steal user data and send it remotely to an attacker illustrates the threat of unreliable accessories.
The OMG cable, which looks exactly like a standard USB to Lightning cable, was first demonstrated in 2019 by security researcher MG. Since then, MG has been able to work with cybersecurity vendor Hak5 to mass-produce cables for researchers and penetration testers.
While users might not find anything unusual about cables from the outside, they do pack some modifications that make them useful for hackers. An OMG cable connected to a Mac could, for example, record passwords or anything else a user types and send that data to a remote attacker.
The new version of the OMG cable includes a Lightning to USB-C option and other enhanced features for security researchers to try out. Vici reported Thursday.
“There were people who said that type C cables were safe for this type of implant because there isn’t enough space. So clearly, I had to prove it was wrong,” the researcher said. MG security. Vici.
For example, MG says the new cables have geofarming features that can change attacks depending on the victim’s physical location. The range of cables has also been improved, with researchers capable of causing malicious payloads more than a mile away. The addition of USB-C connectivity could also, in theory, allow the cable to carry out attacks such as mobile devices such as the iPhone.
OMG cables, available at Hak5 for about $ 120, work by creating a Wi-Fi hotspot to which an attacker can connect from their own devices. Once connected, they can use a normal web browser interface to record keystrokes or perform other attacks.