Using a non-genuine lightning cables isn’t a good idea. A non-MFi certified cable can not only harm your iPhone but it can also give users electric shocks. However it looks like there are more reasons to avoid a cheap lightning cable that you can buy online or at your local store.
Vice has published a report detailing how hackers can use normal looking lightning cables with extra components to remotely gain access to your computer and run Terminal commands on it among other things, whenever they like. This can potentially result in hackers extracting data from your computer or encrypting its data for ransom.
The cables were made by a security researcher known as MG look and function like a normal cable. In fact these are modified versions of Apple made lightning cables.
“In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable. And these prototypes at Def con were mostly done the same way,” he said. MG did point to other researchers who worked on the implant and graphical user interface. He is selling the cables for $200 each.
When you plug them in your computer the iTunes will detect the device and iOS will even ask if you want to trust this computer – a normal behavior when connecting an iOS device to Mac using a USB cable. Both the computer and iOS devices are incapable of detecting any extra components hiding inside the cable.
While it is unlikely that such cables will be sold in your local tech store, this malicious tool, which is called O.MG Cable can be used to target specific people. For example, an attacker might replace a legitimate lightning cable used by a victim with the O.MG Cable without the victim noticing, or this cable can be given to the target as a gift. Since the tool looks like any normal cable there’s no reason for the victim to suspect anything malicious is going on.
The cable comes with various payloads, or scripts and commands that an attacker can run on the victim’s machine. A hacker can also remotely “kill” the USB implant, hopefully hiding some evidence of its use or existence.
When the cable is connected to the victim’s Mac, hacker is able to connect to it using cable’s IP address and use his phone’s browser to perform various functions on the target computer. Right now hacker is able to take advantage of the hack sitting up to 300 meters away from the target computer.
Security research MG says Apple’s own cables are most difficult to mess around it and feels confident that if he is able to hack Apple’s cables, creating O.MG Cable from scratch wouldn’t be that difficult.
I will be dropping #OMGCables over the next few days of defcon.
I will also have 5g bags of DemonSeed, if that’s your thing.
Details and update here: https://t.co/0vJf68nxMx
— _MG_ (@_MG_) August 9, 2019
You can learn more about O.MG Cables and buy them for $200 here.