Security Researcher Develops Lightning Cable That Gives Hackers a Way to Remotely Infiltrate Your Computer

A security researcher named MG has developed a Lightning cable replacement that can give hackers a way to remotely access your computer, reports Motherboard.

The cables in question (dubbed O.MG Cables) are cables directly from Apple that have been opened up to allow for additional components to be implanted, but the modifications are undetectable and there's no way to distinguish the hacked cable from the original.

hackedcablemotherboard


When plugged into a target computer, the cable behaves as a typical cable does, connecting to and charging iOS devices, but it also lets hackers remotely connect to a machine to run commands. It comes equipped with scripts and commands that a hacker can run on a victim's machine, along with tools to "kill" the USB implant to hide evidence of its existence.

MG typed in the IP address of the fake cable on his own phone's browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim's computer.

"It's like being able to sit at the keyboard and mouse of the victim but without actually being there," MG said.

In a test with Motherboard, MG was able to connect his phone to a WiFi hotspot that the cable was emitting. He said he needed to be within 300 feet to access the target machine, but also said that the cable can be configured to act as a client for a nearby wireless network, potentially allowing for hacking from an unlimited distance.

"I'm currently seeing up to 300 feet with a smartphone when connecting directly," he said, when asked how close an attacker needs to be to take advantage of the cable once a victim has plugged it into their machine. A hacker could use a stronger antenna to reach further if necessary, "But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited."

MG imagines the cable could be swapped in for a target's legitimate cable or gifted to someone because it looks exactly like an Apple cable, complete with accurate packaging. Each of these cables were made by hand and are being sold by MG for $200, but he is teaming up with a company to produce them as a legitimate security tool.

It's not clear if there is any defense against this kind of hack, but it sounds like these cables are prohibitively expensive and limited in availability at the current time. Those concerned should buy cables directly from Apple without accepting free cables from anyone. Apple may also be developing a mitigation and has previously restricted other USB access techniques through USB Restricted Mode.

Popular Stories

iOS 18 Mock iPhone 16 Feature Gray

Revealed: iOS 18 Works With These iPhone Models

Monday June 10, 2024 3:57 am PDT by
iOS 18 will be compatible with the same iPhone models as iOS 17, according to a post on X today from a private account with a proven track record of sharing build numbers for upcoming iOS updates. iOS 18 will be compatible with the iPhone XR, and hence also the iPhone XS and iPhone XS Max models with the same A12 Bionic chip, but older iPhone models will miss out. Here is the full...
ios 18 tile summary

Apple Announces iOS 18 With New Customization Features, Redesigned Photos App, and More

Monday June 10, 2024 10:17 am PDT by
Apple today previewed iOS 18, the next major update to the operating system for the iPhone, with new customization features, a redesigned Photos app, and more. iOS 18 features new customization tools for the Home Screen. App icons now feature Dark Mode and users can tint them with a color to create a unique look. Apps can also now be placed anywhere on the Home Screen freely. The Control...
WWDC24 Live Coverage Article

WWDC 2024 Apple Event Live Keynote Coverage: iOS 18, Apple's AI Push, and More

Monday June 10, 2024 9:20 am PDT by
Apple's Worldwide Developers Conference (WWDC) starts today with the traditional keynote kicking things off at 10:00 a.m. Pacific Time. MacRumors is on hand for the event and we'll be sharing details and our thoughts throughout the day. We're expecting to see a number of software-related announcements with a focus on Apple's efforts to infuse AI throughout its operating systems and apps....
iOS 18 Siri Integrated Feature

Massive iPhone Upgrade Coming This Week But These Devices Will Miss Out

Sunday June 9, 2024 1:25 pm PDT by
Apple is planning a major AI overhaul in iOS 18, with a feature set it is referring to as "Apple Intelligence." However, these new features will not work on older iPhones, even if they do appear on the new operating system's device compatibility list. Apple's initial AI roadmap for iOS 18 is said to come in two parts: Basic AI features that will be processed on-device, and more advanced...
ios 18 button bulge

iOS 18 Adds Pop-Out Bezel Animation When Pressing iPhone Buttons

Tuesday June 11, 2024 10:40 am PDT by
iOS 18 includes a small but interesting change for the buttons on the iPhone, adding more of a visual element when changing volume, activating the Action button, or locking the screen. When you press an iPhone button in iOS 18, the display bezel bulges outward slightly. This feature is available for the volume buttons, Action button and the power button, and it will also likely be used for...
Next Gen CarPlay WWDC24 1

Apple Provides Updated Look at Next-Generation CarPlay at WWDC 2024

Monday June 10, 2024 7:11 pm PDT by
Apple today shared a few WWDC 2024 coding sessions related to its upcoming next-generation CarPlay system ahead of its launch later this year. The sessions include lots of updated next-generation CarPlay images, with one revealing new Vehicle, Media, and Climate apps in action for the first time. MacRumors previously discovered evidence of these apps in the iOS 17.4 beta. Next-generation...
iPad Air 5

New: iPadOS 18 Drops Support for These iPad Models

Monday June 10, 2024 4:16 am PDT by
iPadOS 18 will drop support for iPad models equipped with the A10X Fusion chip, according to a post on X today from a private account with a proven track record of sharing build numbers for upcoming iOS and iPadOS updates. In other words, iPadOS 18 will drop support for the 10.5-inch iPad Pro and the second-generation 12.9-inch iPad Pro. Support for the sixth-generation iPad, which uses the...

Top Rated Comments

mr.steevo Avatar
63 months ago
Be wary of a guy in a trench coat handing out free Lightening Cables.
Score: 75 Votes (Like | Disagree)
DrJohnnyN Avatar
63 months ago
Wow. Scary.

"Those concerned should buy cables directly from Apple without accepting free cables from anyone."

People give out free cables?
Score: 49 Votes (Like | Disagree)
SecuritySteve Avatar
63 months ago
I think the scariest part of this is that it shows that should a supply chain be compromised, and secret components added to the manufacturing process, it would be virtually impossible to detect prior to normal use.

Good work though. It might lead to more 'do you trust this keyboard?' prompts though...
Score: 37 Votes (Like | Disagree)
ckurt25 Avatar
63 months ago
This is why we can’t have nice things.
Score: 31 Votes (Like | Disagree)
konqerror Avatar
63 months ago
Get a Sharpie and mark a soot on your cables. Problem solved.
Attacker has ability to embed a small computer and wireless transceiver in a tiny USB cable and covertly connect to it.
Attacker can't figure out how to use a Sharpie.
Score: 24 Votes (Like | Disagree)
konqerror Avatar
63 months ago
I'm finding that Anker makes pretty good alternatives.
That would be the opposite of what you want. You want a supplier that you know has strong supply chain security protections. Anker is a foreign-owned company which, for even mid-level security regulations, disqualifies it right there.

Plus, buying from Amazon is the absolute worst because they co-mingle inventory. Somebody could send tampered cables for sale via FBA, and they would send them to you as sold by Amazon or Anker. Buying from mail order allows for targeted attacks, even somebody swapping the package on your porch. The safest would be to walk right into a random Apple store and select a box off the shelf.
Score: 16 Votes (Like | Disagree)