Security Researcher Develops Lightning Cable That Gives Hackers a Way to Remotely Infiltrate Your Computer

by

A security researcher named MG has developed a Lightning cable replacement that can give hackers a way to remotely access your computer, reports Motherboard.

The cables in question (dubbed O.MG Cables) are cables directly from Apple that have been opened up to allow for additional components to be implanted, but the modifications are undetectable and there's no way to distinguish the hacked cable from the original.

hackedcablemotherboard

Image via Motherboard

When plugged into a target computer, the cable behaves as a typical cable does, connecting to and charging iOS devices, but it also lets hackers remotely connect to a machine to run commands. It comes equipped with scripts and commands that a hacker can run on a victim's machine, along with tools to "kill" the USB implant to hide evidence of its existence.

MG typed in the IP address of the fake cable on his own phone's browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim's computer.

"It's like being able to sit at the keyboard and mouse of the victim but without actually being there," MG said.

In a test with Motherboard, MG was able to connect his phone to a WiFi hotspot that the cable was emitting. He said he needed to be within 300 feet to access the target machine, but also said that the cable can be configured to act as a client for a nearby wireless network, potentially allowing for hacking from an unlimited distance.

"I'm currently seeing up to 300 feet with a smartphone when connecting directly," he said, when asked how close an attacker needs to be to take advantage of the cable once a victim has plugged it into their machine. A hacker could use a stronger antenna to reach further if necessary, "But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited."

MG imagines the cable could be swapped in for a target's legitimate cable or gifted to someone because it looks exactly like an Apple cable, complete with accurate packaging. Each of these cables were made by hand and are being sold by MG for $200, but he is teaming up with a company to produce them as a legitimate security tool.

It's not clear if there is any defense against this kind of hack, but it sounds like these cables are prohibitively expensive and limited in availability at the current time. Those concerned should buy cables directly from Apple without accepting free cables from anyone. Apple may also be developing a mitigation and has previously restricted other USB access techniques through USB Restricted Mode.

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Production Will Reportedly Begin Ramping Up in October

Tuesday July 23, 2024 2:00 pm PDT by
Following nearly two years of rumors about a fourth-generation iPhone SE, The Information today reported that Apple suppliers are finally planning to begin ramping up mass production of the device in October of this year. If accurate, that timeframe would mean that the next iPhone SE would not be announced alongside the iPhone 16 series in September, as expected. Instead, the report...
Read Full Article68 comments
iPhone 17 Plus Feature

iPhone 17 Lineup Specs Detail Display Upgrade and New High-End Model

Monday July 22, 2024 4:33 am PDT by
Key details about the overall specifications of the iPhone 17 lineup have been shared by the leaker known as "Ice Universe," clarifying several important aspects of next year's devices. Reports in recent months have converged in agreement that Apple will discontinue the "Plus" iPhone model in 2025 while introducing an all-new iPhone 17 "Slim" model as an even more high-end option sitting...
Read Full Article160 comments
Generic iPhone 17 Feature With Full Width Dynamic Island

Kuo: Ultra-Thin iPhone 17 to Feature A19 Chip, Single Rear Camera, Semi-Titanium Frame, and More

Wednesday July 24, 2024 9:06 am PDT by
Apple supply chain analyst Ming-Chi Kuo today shared alleged specifications for a new ultra-thin iPhone 17 model rumored to launch next year. Kuo expects the device to be equipped with a 6.6-inch display with a current-size Dynamic Island, a standard A19 chip rather than an A19 Pro chip, a single rear camera, and an Apple-designed 5G chip. He also expects the device to have a...
Read Full Article162 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Less Than Two Months Away: Everything We Know

Thursday July 25, 2024 5:43 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article130 comments
icloud private relay outage

iCloud Private Relay Experiencing Outage

Thursday July 25, 2024 3:18 pm PDT by
Apple’s iCloud Private Relay service is down for some users, according to Apple’s System Status page. Apple says that the iCloud Private Relay service may be slow or unavailable. The outage started at 2:34 p.m. Eastern Time, but it does not appear to be affecting all iCloud users. Some impacted users are unable to browse the web without turning iCloud Private Relay off, while others are...
Read Full Article81 comments
iPhone 17 Plus Feature Purple

iPhone 17 Rumored to Feature Mechanical Aperture

Tuesday July 23, 2024 9:32 am PDT by
Apple is planning to release at least one iPhone 17 model next year with mechanical aperture, according to a report published today by The Information. The mechanical system would allow users to adjust the size of the iPhone 17's aperture, which refers to the opening of the camera lens through which light enters. All existing iPhone camera lenses have fixed apertures, but some Android...
Read Full Article60 comments

Top Rated Comments

mr.steevo Avatar
mr.steevo
65 months ago
Be wary of a guy in a trench coat handing out free Lightening Cables.
Score: 75 Votes (Like | Disagree)
DrJohnnyN Avatar
DrJohnnyN
65 months ago
Wow. Scary.

"Those concerned should buy cables directly from Apple without accepting free cables from anyone."

People give out free cables?
Score: 49 Votes (Like | Disagree)
SecuritySteve Avatar
SecuritySteve
65 months ago
I think the scariest part of this is that it shows that should a supply chain be compromised, and secret components added to the manufacturing process, it would be virtually impossible to detect prior to normal use.

Good work though. It might lead to more 'do you trust this keyboard?' prompts though...
Score: 37 Votes (Like | Disagree)
ckurt25 Avatar
ckurt25
65 months ago
This is why we can’t have nice things.
Score: 31 Votes (Like | Disagree)
konqerror Avatar
konqerror
65 months ago
Get a Sharpie and mark a soot on your cables. Problem solved.
Attacker has ability to embed a small computer and wireless transceiver in a tiny USB cable and covertly connect to it.
Attacker can't figure out how to use a Sharpie.
Score: 24 Votes (Like | Disagree)
konqerror Avatar
konqerror
65 months ago
I'm finding that Anker makes pretty good alternatives.
That would be the opposite of what you want. You want a supplier that you know has strong supply chain security protections. Anker is a foreign-owned company which, for even mid-level security regulations, disqualifies it right there.

Plus, buying from Amazon is the absolute worst because they co-mingle inventory. Somebody could send tampered cables for sale via FBA, and they would send them to you as sold by Amazon or Anker. Buying from mail order allows for targeted attacks, even somebody swapping the package on your porch. The safest would be to walk right into a random Apple store and select a box off the shelf.
Score: 16 Votes (Like | Disagree)
Read All Comments