Hacker creates the OMG Cable similar to Apple's Lightning Cable and can discover everything typed on a keyboard and get information
Have you ever imagined that your data might not be secure when you buy a non-genuine product, right? Buying things like a Pen Drive or something that has an internet connection can leave you vulnerable to cyber attacks and expose your data. But, have you ever thought that this can happen even with a simple cable? Well, that can happen, as hackers are getting more creative in being able to steal information.
It looks like a regular Apple Lightning cable that works like a data transfer cable and can also be used to connect an external keyboard to your Mac. reported by Vice, this is a cable that can also record everything you type, including passwords, and send that data wirelessly to a hacker who may be more than a mile away.
The “generic” cable was made by the security researcher known as MG. Hacker MG had already demonstrated this vulnerability in an earlier version of the cables for Vice, at the DEF CON hacking conference in 2019. He had already been able to create these cables manually, but now they can be mass-produced and the cables more Recent developments come in new physical variations, including Lightning for USB-C, and include more features for hackers to play with.
“There were people who said that Type C cables are protected against this type of implant because there is not enough space. So clearly I had to prove me wrong,” MG told Motherboard in an online chat.
How the OMG Cable works
OMG cables, as they are called, work by creating a Wi-Fi hotspot that a hacker can connect to from their own device. From here, an interface in an ordinary web browser allows the hacker to start logging keystrokes. The malicious implant itself takes up about half the length of the plastic shell, said MG.
The new cables now have geofencing capabilities where a user can trigger or block device loads based on the physical location of the cable. “It goes well with the self-destruct feature if an O.MG cable leaves the scope of your involvement and you don't want your information to leak or be accidentally run against random computers,” he said. “We were able to deploy payloads more than 1 mile away,” he added.
He said Type C cables allow the same type of attacks against smartphones and tablets. Several other enhancements include the ability to change keyboard mappings, the ability to forge the identity of a specific USB device, such as pretending to be a legitimate device, which potentializes a specific vulnerability in a system.
Apple did not respond to a request for comment. The cable set that MG provided Vice for testing purposes also included a USB-C cable, which would be designed to mimic cables related to different non-Apple products. The ongoing pandemic has also complicated the cable manufacturing process, explained MG.
“The pandemic has made an already difficult process much more difficult with the shortage of chips. If any individual component is out of stock, it is basically impossible to find a replacement when fractions of millimeters are important. So I only have to wait more than 12 months for certain parts to be in stock,” MG told Vice in an online chat. “We will easily lose $10K worth of cables when testing a process change. During a chip shortage, it's hard not to look at a loss like this and see a bunch of dead components that can't be replaced for more than a year.”
While it doesn't sound very ethical, the OMG cable retails for around $119,99 at Hak5 website. And while it looks very sophisticated and expensive, there may be cheaper versions of it out there that do the same. So, keep an eye on what you buy. So now what do you think? Bought a “generic” cable recently? Have you ever imagined something like this happening before? Take the opportunity to read more News on our website.