Most Apple consumers are familiar with the lightning cable, which typically comes packaged with the company’s phones and accessories, including its latest iPhone XS and AirPods with wireless charging case. However, what these customers aren’t accustomed to is being hacked through a modified version of one of these popular cables, but that could possibly change soon.
According to a report from Vice, a security researcher known as MG just showed off a modified version of Apple’s lightning cable that’s capable of hijacking the computers of unsuspecting users and giving the hacker remote access to the device along with all the sensitive information stored on it.
MG made his presentation during the annual Def Con hacking conference, where he offered additional insight on the product, which has been dubbed the O.MG Cable.
“It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable,” he explained.
The researcher went on to give suggestions on how to use the malicious tool on a potential target. MG said it would be easy to swap out an original Apple cable with a modified one in order to gain access to the computer of a target. Additionally, he said the cables can also be given to a potential target as a gift, since it’s hard to differentiate between the original and modified versions. MG’s cord even comes with the little pieces of sticky paper used to hold it together, much like Apple’s cords.
After the selected target plugs the cord into their computer, the attacker can then type the IP address of the cable into a phone’s browser. While in the browser, the attacker will be given several options of attack, including terminal access. Then, from the terminal, the attacker will have the power to run countless tools on the target’s computer.
These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer -— Cyberlutions® (@Cyberlutions) August 11, 2019
I plugged the Apple lightning cable into my iPod and connected it to my Mac, just as I normally would. My iPod started charging, iTunes detected the device, and my iPod produced ...https://t.co/vmbpT9PXOo pic.twitter.com/pw57FOMwzL
“It’s like being able to sit at the keyboard and mouse of the victim but without actually being there,” MG said, before adding that he made the cables by hand by carefully modifying real Apple cables to attach his implant.
“In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable. And these prototypes at Def con were mostly done the same way.”
The researcher is currently selling the cables for $200 and claims an attacker can be up to 300 feet away from their target with a smartphone and still be able to connect directly. The attacker also has the option of using antenna to gain a much longer reach.
MG went on to say that he’s looking to have the cables produced as a “legitimate security tool,” and he’s already in talks with companies to make this happen. These cables will not be modified versions of Apple’s cables, but will instead be made from scratch.