A normal-looking Lightning cable that can used to steal data like passwords and send it to a hacker has been developed, Vice reports.
The "OMG Cable" compared to Apple's Lightning to USB cable.
The "OMG Cable" works exactly like a normal Lightning to USB cable and can log keystrokes from connected Mac keyboards, iPads, and iPhones, and then send this data to a bad actor who could be over a mile away. They work by creating a Wi-Fi hotspot that a hacker can connect to, and using a simple web app they can record keystrokes.
The cables also include geofencing features that allow users to trigger or block the device's payloads based on its location, preventing the leakage of payloads or keystrokes from other devices being collected. Other features include the ability to change keyboard mappings and the ability to forge the identity of USB devices.
The cables contain a small implanted chip and are physically the same size as authentic cables, making it extremely difficult to identify a malicious cable. The implant itself apparently takes up around half of the length of a USB-C connector's plastic shell, allowing the cable to continue to operate as normal.
An x-ray view of the implanted chip inside the USB-C end of an OMG Cable.
The cables, made as part of a series of penetration testing tools by the security researcher known as "MG," have now entered mass production to be sold by the cybersecurity vendor Hak5. The cables are available in a number of versions, including Lightning to USB-C, and can visually mimic cables from a range of accessory manufacturers, making them a noteworthy threat to device security.
I'm going to call BS on this. A powerful compute module with memory, wifi with somehow a one mile range, and location services for geofencing, all in half a USB-C connector?
So there's a lot of scaremongering and assumptions being thrown around here. For the key logging function you have to be using the cable to hook up between a keyboard and a device so the traffic can be sniffed. Wireless keyboard aren't affected. Onscreen keyboards aren't affected. iOS devices lock the USB port by default (the phone "unlock your phone to use the connected device" prompt you get when connecting to a car, etc) so it's not like this is going to allow an attacker any additional access to a locked phone.
Don't connect your device to random cables and you'll be fine.
Phishing attacks taking advantage of Apple's password reset feature have become increasingly common, according to a report from KrebsOnSecurity. Multiple Apple users have been targeted in an attack that bombards them with an endless stream of notifications or multi-factor authentication (MFA) messages in an attempt to cause panic so they'll respond favorably to social engineering. An...
Wednesday March 27, 2024 11:10 am PDT by Joe Rossignol
At least some Apple software engineers continue to believe that iOS 18 will be the "biggest" update in the iPhone's history, according to Bloomberg's Mark Gurman. Below, we recap rumored features and changes for the iPhone. "The iOS 18 update is expected to be the most ambitious overhaul of the iPhone's software in its history, according to people working on the upgrade," wrote Gurman, in a r...
Tuesday March 26, 2024 10:02 am PDT by Juli Clover
Apple today announced that its 35th annual Worldwide Developers Conference is set to take place from Monday, June 10 to Friday, June 14. As with WWDC events since 2020, WWDC 2024 will be an online event that is open to all developers at no cost. Subscribe to the MacRumors YouTube channel for more videos. WWDC 2024 will include online sessions and labs so that developers can learn about new...
Tuesday March 26, 2024 3:10 pm PDT by Aaron Perris
Apple may be planning to add support for "custom routes" in Apple Maps in iOS 18, according to code reviewed by MacRumors. Apple Maps does not currently offer a way to input self-selected routes, with Maps users limited to Apple's pre-selected options, but that may change in iOS 18. Apple has pushed an iOS 18 file to its maps backend labeled "CustomRouteCreation." While not much is revealed...
Wednesday March 27, 2024 5:59 am PDT by Joe Rossignol
Apple on late Tuesday released revised versions of iOS 17.4.1 and iPadOS 17.4.1 with an updated build number of 21E237, according to MacRumors contributor Aaron Perris. The updates previously had a build number of 21E236. The revised updates are available for all iPhone and iPad models that are compatible with iOS 17 and iPadOS 17, but they can only be installed via the Finder app on macOS...
Thursday March 28, 2024 11:07 am PDT by Juli Clover
Apple will introduce new iPad Pro and iPad Air models in early May, according to Bloomberg's Mark Gurman. Gurman previously suggested the new iPads would come out in March, and then April, but the timeline has been pushed back once again. Subscribe to the MacRumors YouTube channel for more videos. Apple is working on updates to both the iPad Pro and iPad Air models. The iPad Pro models will...
Wednesday March 27, 2024 2:03 pm PDT by Juli Clover
With the App Store and app ecosystem undergoing major changes in the European Union, The Wall Street Journal today shared a profile on App Store chief Phil Schiller, who is responsible for the App Store. Though Schiller transitioned from marketing chief to "Apple Fellow" in 2020 to take a step back from Apple and spend more time on personal projects and friends, he is reportedly working...
Top Rated Comments
"a mile away"
"Wi-Fi"
These hackers need to work for Asus, Ubiquity, Linksys, etc. and improve WiFi range!
Damn the WiFi in my house barely reaches my garage, maybe I need one of these cables.
Don't connect your device to random cables and you'll be fine.