Security Researcher Develops Lightning Cable With Hidden Chip to Steal Passwords

A normal-looking Lightning cable that can used to steal data like passwords and send it to a hacker has been developed, Vice reports.

omg lightning cable comparisonThe "OMG Cable" compared to Apple's Lightning to USB cable.

The "OMG Cable" works exactly like a normal Lightning to USB cable and can log keystrokes from connected Mac keyboards, iPads, and iPhones, and then send this data to a bad actor who could be over a mile away. They work by creating a Wi-Fi hotspot that a hacker can connect to, and using a simple web app they can record keystrokes.

The cables also include geofencing features that allow users to trigger or block the device's payloads based on its location, preventing the leakage of payloads or keystrokes from other devices being collected. Other features include the ability to change keyboard mappings and the ability to forge the identity of USB devices.

The cables contain a small implanted chip and are physically the same size as authentic cables, making it extremely difficult to identify a malicious cable. The implant itself apparently takes up around half of the length of a USB-C connector's plastic shell, allowing the cable to continue to operate as normal.

omg lightning cable x rayAn x-ray view of the implanted chip inside the USB-C end of an OMG Cable.

The cables, made as part of a series of penetration testing tools by the security researcher known as "MG," have now entered mass production to be sold by the cybersecurity vendor Hak5. The cables are available in a number of versions, including Lightning to USB-C, and can visually mimic cables from a range of accessory manufacturers, making them a noteworthy threat to device security.

Top Rated Comments

zorinlynx Avatar
23 months ago
>and then send this data to a bad actor who could be over a mile away. They work by creating a Wi-Fi

"a mile away"

"Wi-Fi"

These hackers need to work for Asus, Ubiquity, Linksys, etc. and improve WiFi range!
Score: 59 Votes (Like | Disagree)
coachgq Avatar
23 months ago
guess I should pay the $20 to apple instead of the $7 to an ebay seller to keep my info safe? Danggit that sucks!
Score: 32 Votes (Like | Disagree)
abbeybound Avatar
23 months ago
I'm going to call BS on this. A powerful compute module with memory, wifi with somehow a one mile range, and location services for geofencing, all in half a USB-C connector?
Score: 28 Votes (Like | Disagree)
ersan191 Avatar
23 months ago
"who could be over a mile away"

Damn the WiFi in my house barely reaches my garage, maybe I need one of these cables.
Score: 28 Votes (Like | Disagree)
bearda Avatar
23 months ago
So there's a lot of scaremongering and assumptions being thrown around here. For the key logging function you have to be using the cable to hook up between a keyboard and a device so the traffic can be sniffed. Wireless keyboard aren't affected. Onscreen keyboards aren't affected. iOS devices lock the USB port by default (the phone "unlock your phone to use the connected device" prompt you get when connecting to a car, etc) so it's not like this is going to allow an attacker any additional access to a locked phone.

Don't connect your device to random cables and you'll be fine.
Score: 20 Votes (Like | Disagree)
Maclver Avatar
23 months ago

So who will they sell to?
No one.... They will probably sit in the airport and plug them into the charging stations
Score: 15 Votes (Like | Disagree)

Popular Stories

gradiente iphone white

Brazilian Electronics Company Revives Long-Running iPhone Trademark Dispute

Tuesday May 19, 2020 1:06 pm PDT by
Apple has been involved in a long-running iPhone trademark dispute in Brazil, which was revived today by IGB Electronica, a Brazilian consumer electronics company that originally registered the "iPhone" name in 2000. IGB Electronica fought a multi-year battle with Apple in an attempt to get exclusive rights to the "iPhone" trademark, but ultimately lost, and now the case has been brought to...