Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Security Researcher Develops Lightning Cable That Gives Hackers a Way to Remotely Infiltrate Your Computer
A security researcher named MG has developed a Lightning cable replacement that can give hackers a way to remotely access your computer, reports Motherboard.
The cables in question (dubbed O.MG Cables) are cables directly from Apple that have been opened up to allow for additional components to be implanted, but the modifications are undetectable and there's no way to distinguish the hacked cable from the original.
Image via Motherboard
When plugged into a target computer, the cable behaves as a typical cable does, connecting to and charging iOS devices, but it also lets hackers remotely connect to a machine to run commands. It comes equipped with scripts and commands that a hacker can run on a victim's machine, along with tools to "kill" the USB implant to hide evidence of its existence.
It's not clear if there is any defense against this kind of hack, but it sounds like these cables are prohibitively expensive and limited in availability at the current time. Those concerned should buy cables directly from Apple without accepting free cables from anyone. Apple may also be developing a mitigation and has previously restricted other USB access techniques through USB Restricted Mode.
The cables in question (dubbed O.MG Cables) are cables directly from Apple that have been opened up to allow for additional components to be implanted, but the modifications are undetectable and there's no way to distinguish the hacked cable from the original.
When plugged into a target computer, the cable behaves as a typical cable does, connecting to and charging iOS devices, but it also lets hackers remotely connect to a machine to run commands. It comes equipped with scripts and commands that a hacker can run on a victim's machine, along with tools to "kill" the USB implant to hide evidence of its existence.
MG typed in the IP address of the fake cable on his own phone's browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim's computer.In a test with Motherboard, MG was able to connect his phone to a WiFi hotspot that the cable was emitting. He said he needed to be within 300 feet to access the target machine, but also said that the cable can be configured to act as a client for a nearby wireless network, potentially allowing for hacking from an unlimited distance.
"It's like being able to sit at the keyboard and mouse of the victim but without actually being there," MG said.
"I'm currently seeing up to 300 feet with a smartphone when connecting directly," he said, when asked how close an attacker needs to be to take advantage of the cable once a victim has plugged it into their machine. A hacker could use a stronger antenna to reach further if necessary, "But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited."MG imagines the cable could be swapped in for a target's legitimate cable or gifted to someone because it looks exactly like an Apple cable, complete with accurate packaging. Each of these cables were made by hand and are being sold by MG for $200, but he is teaming up with a company to produce them as a legitimate security tool.
It's not clear if there is any defense against this kind of hack, but it sounds like these cables are prohibitively expensive and limited in availability at the current time. Those concerned should buy cables directly from Apple without accepting free cables from anyone. Apple may also be developing a mitigation and has previously restricted other USB access techniques through USB Restricted Mode.
[ 0 comments ]
Apple today released a new update for Safari Technology Preview, the experimental browser Apple first introduced three years ago in March 2016. Apple designed the Safari Technology Preview to test...
Shazam, the song discovery app owned by Apple, was today updated to add Dark Mode support ahead of tomorrow's iOS 13 launch.
Following the update, Shazam will be displayed in Dark Mode...
Apple today seeded eleventh beta of an upcoming tvOS 13 update to developers and public beta testers, one week after seeding the tenth beta and more than two months after unveiling the tvOS 13...
Facebook today announced a new set of Portal video chat devices, including one that is aimed to compete in the streaming TV market. This device is called the Portal TV, and it connects to a TV set...
Apple this week published environmental reports for the new iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max, revealing that the Taptic Engine in all three devices is made of 100 percent recycled rare...
Amazon this week is discounting numerous Apple notebooks and tablets, offering new all-time-low prices in each instance. You can save as much as $400 in these sales, which relate to the 2019...
NBCUniversal today revealed that the name of its upcoming streaming television service is "Peacock," a reference to the company's logo. The service is still set to launch in April 2020,...
Amazon today introduced a new tier of Amazon Music, called Amazon Music HD, which offers lossless versions of audio files for streaming or downloading. This tier will cost $14.99/month, or...
