Security Researcher Develops Lightning Cable That Gives Hackers a Way to Remotely Infiltrate Your Computer

by

A security researcher named MG has developed a Lightning cable replacement that can give hackers a way to remotely access your computer, reports Motherboard.

The cables in question (dubbed O.MG Cables) are cables directly from Apple that have been opened up to allow for additional components to be implanted, but the modifications are undetectable and there's no way to distinguish the hacked cable from the original.

hackedcablemotherboard

Image via Motherboard

When plugged into a target computer, the cable behaves as a typical cable does, connecting to and charging iOS devices, but it also lets hackers remotely connect to a machine to run commands. It comes equipped with scripts and commands that a hacker can run on a victim's machine, along with tools to "kill" the USB implant to hide evidence of its existence.

MG typed in the IP address of the fake cable on his own phone's browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim's computer.

"It's like being able to sit at the keyboard and mouse of the victim but without actually being there," MG said.

In a test with Motherboard, MG was able to connect his phone to a WiFi hotspot that the cable was emitting. He said he needed to be within 300 feet to access the target machine, but also said that the cable can be configured to act as a client for a nearby wireless network, potentially allowing for hacking from an unlimited distance.

"I'm currently seeing up to 300 feet with a smartphone when connecting directly," he said, when asked how close an attacker needs to be to take advantage of the cable once a victim has plugged it into their machine. A hacker could use a stronger antenna to reach further if necessary, "But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited."

MG imagines the cable could be swapped in for a target's legitimate cable or gifted to someone because it looks exactly like an Apple cable, complete with accurate packaging. Each of these cables were made by hand and are being sold by MG for $200, but he is teaming up with a company to produce them as a legitimate security tool.

It's not clear if there is any defense against this kind of hack, but it sounds like these cables are prohibitively expensive and limited in availability at the current time. Those concerned should buy cables directly from Apple without accepting free cables from anyone. Apple may also be developing a mitigation and has previously restricted other USB access techniques through USB Restricted Mode.

Top Rated Comments

mr.steevo Avatar
mr.steevo
61 months ago
Be wary of a guy in a trench coat handing out free Lightening Cables.
Score: 75 Votes (Like | Disagree)
DrJohnnyN Avatar
DrJohnnyN
61 months ago
Wow. Scary.

"Those concerned should buy cables directly from Apple without accepting free cables from anyone."

People give out free cables?
Score: 49 Votes (Like | Disagree)
SecuritySteve Avatar
SecuritySteve
61 months ago
I think the scariest part of this is that it shows that should a supply chain be compromised, and secret components added to the manufacturing process, it would be virtually impossible to detect prior to normal use.

Good work though. It might lead to more 'do you trust this keyboard?' prompts though...
Score: 37 Votes (Like | Disagree)
ckurt25 Avatar
ckurt25
61 months ago
This is why we can’t have nice things.
Score: 31 Votes (Like | Disagree)
konqerror Avatar
konqerror
61 months ago
Get a Sharpie and mark a soot on your cables. Problem solved.
Attacker has ability to embed a small computer and wireless transceiver in a tiny USB cable and covertly connect to it.
Attacker can't figure out how to use a Sharpie.
Score: 24 Votes (Like | Disagree)
konqerror Avatar
konqerror
61 months ago
I'm finding that Anker makes pretty good alternatives.
That would be the opposite of what you want. You want a supplier that you know has strong supply chain security protections. Anker is a foreign-owned company which, for even mid-level security regulations, disqualifies it right there.

Plus, buying from Amazon is the absolute worst because they co-mingle inventory. Somebody could send tampered cables for sale via FBA, and they would send them to you as sold by Amazon or Anker. Buying from mail order allows for targeted attacks, even somebody swapping the package on your porch. The safest would be to walk right into a random Apple store and select a box off the shelf.
Score: 16 Votes (Like | Disagree)
Read All Comments

Popular Stories

maxresdefault

Apple Announces 'Let Loose' Event on May 7 Amid Rumors of New iPads

Tuesday April 23, 2024 7:11 am PDT by
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article264 comments
Apple Vision Pro Dual Loop Band Orange Feature 2

Apple Cuts Vision Pro Shipments as Demand Falls 'Sharply Beyond Expectations'

Tuesday April 23, 2024 9:44 am PDT by
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
Read Full Article399 comments
iOS 17 All New Features Thumb

iOS 17.5 Will Add These New Features to Your iPhone

Sunday April 21, 2024 3:00 am PDT by
The upcoming iOS 17.5 update for the iPhone includes only a few new user-facing features, but hidden code changes reveal some additional possibilities. Below, we have recapped everything new in the iOS 17.5 and iPadOS 17.5 beta so far. Web Distribution Starting with the second beta of iOS 17.5, eligible developers are able to distribute their iOS apps to iPhone users located in the EU...
Read Full Article
iPad And Calculator App Feature

Apple Finally Plans to Release a Calculator App for iPad Later This Year

Tuesday April 23, 2024 9:08 am PDT by
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. AppleInsider...
Read Full Article211 comments
iPhone 15 Pro FineWoven

Apple Reportedly Stops Production of FineWoven Accessories

Sunday April 21, 2024 6:03 am PDT by
Apple has stopped production of FineWoven accessories, according to the Apple leaker and prototype collector known as "Kosutami." In a post on X (formerly Twitter), Kosutami explained that Apple has stopped production of FineWoven accessories due to its poor durability. The company may move to another non-leather material for its premium accessories in the future. Kosutami has revealed...
Read Full Article446 comments
apple vision pro orange

Apple Vision Pro Customer Interest Dying Down at Some Retail Stores

Monday April 22, 2024 2:12 am PDT by
Apple Vision Pro, Apple's $3,500 spatial computing device, appears to be following a pattern familiar to the AR/VR headset industry – initial enthusiasm giving way to a significant dip in sustained interest and usage. Since its debut in the U.S. in February 2024, excitement for the Apple Vision Pro has noticeably cooled, according to Bloomberg's Mark Gurman. Writing in his latest Power On...
Read Full Article358 comments