• This Lightning Cable Can Hack Your Computer



    "I plugged the Apple lightning cable into my iPod and connected it to my Mac, just as I normally would. My iPod started charging, iTunes detected the device, and my iPod produced the pop-up asking if I wanted to trust this computer. All expected behaviour.

    But this cable was hiding a secret. A short while later, a hacker remotely opened a terminal on my Mac's screen, letting them run commands on my computer as they saw fit. This is because this wasn't a regular cable. Instead, it had been modified to include an implant; extra components placed inside the cable letting the hacker remotely connect to the computer."
    This is the evil genius behind the O.MG Cable™, a legit-looking lightning to USB connector that secretly houses a WiFi hotspot, allowing a nearby attacker physical access to any computer that the cable is plugged in to. And the first production run has sold out, meaning that these things are already out in the wild.

    An attacker could swap out a target's lightning cable, or even present an O.MG Cable as a gift—they come coiled and wrapped just like the real thing.

    Once the cable is connected to a computer, that computer can be attacked directly within a range of 300 feet. But if the wireless network that the computer is connected to is vulnerable in any way, the attack radius becomes effectively unlimited.

    At present, the only means to ensure an Apple-certified cable is to check the 'Made for iPhone' badge on the packaging—though badges can obviously be spoofed as well.

    Sources: Apple Support, Hak5, VICE

    ---------
    Andrew Currie has been blogging about mobile phones since 2001, smartphones (depending on how you define them) since 2002 and smartwatches since 2014.
    ---------
    This article was originally published in forum thread: This Lightning Cable Can Hack Your Computer started by acurrie View original post
    Comments 1 Comment
    1. i0wnj00's Avatar
      i0wnj00 -
      The only way to avoid this is to buy from the Apple Store, online or in person.
      I'm not sure if somebody can contaminate the supply chain with this product, but buying directly from Apple will mitigate this issue.

      Amazon or some hole in the wall shop can be a risky move because the seller can intentionally misinterpret/substitute the product and/or inadvertently sell this this to the public.