This Normal-Looking Lightning Cable Actually Steals All of Your Data

Here’s some Mr. Robot-degree intrigue for you: Imagine an innocuous-wanting USB-to-Lightning cable that, as soon as plugged into your machine, truly helps hackers steal the entire date out of your iPhone and inject malware onto your system. If that seems like one thing from a far-fetched TV present, it’s, shock, truly a factor.

Motherboard recently wrote about simply such a difficult little product, bought by cybersecurity firm Hak5 and dubbed the “OMG cable” after its inventor, security researcher MG. The wire, which appears to be like nearly precisely like an Apple Lightning cable and is bought in a USB-C or USB-A format, is loaded with a hidden chip and provides a person the power to remotely steal information or deploy malicious software program onto MacBooks, iPads, and iPhones. The product, which was beforehand demoed at the cyber conference DEFCON in 2019, is used as a penetration testing software, Vice studies.

How it really works: Once plugged in, the OMG basically units up a wifi hotspot, which a distant person can then hook up with. From there, an internet interface that comes with the product permits the hacker to document and log exercise from the goal system. The keylogger logs as a lot as 650,000 keystrokes, in keeping with Hak5. The firm describes it as being “built for covert field-use, with features that enhance remote execution, stealth, forensics evasion, all while being able to quickly change your tooling on the fly.”

There are a good quantity of movies on YouTube that stroll you thru how the whole factor works. As instance, right here’s one from tech vlogger David Bombal:

Naturally, you possibly can think about some fairly nefarious eventualities involving this product. For a spy to hack you, all they’d actually need to do is wait so that you can go to the lavatory at a espresso store, then stealthily swap out your precise Lightning cable for the OMG. From there, it’s just a bit little bit of distant finessing to get all of your information again to their very own server.

G/O Media could get a fee

Great Twitch Streamers!
Embrace your creativity and all this energy.

While there’s a restricted geographic scope to its performance, it apparently works from a reasonably long way. “We tested this out in downtown Oakland and were able to trigger payloads at over 1 mile,” MG informed Motherboard.

Yes, spectacular, but additionally, yikes. In quick: Keep your ports protected and be protected on the market.