A security researcher has revealed he has engineered a Lightning cable replacement that appears to be an innocent Lightning cable, but can offer hackers a way to remotely access your computer.
A security researcher named MG demonstrated the cable and its abilities to Motherboard. The cables, which are called O.MG Cables, are OEM Lightning cables, direct from Apple, that have been opened and modified to install additional components. The modifications are indetectable to the naked eye, and there is no way to tell the hacked cable from the original.
However, when the cable is plugged into a target computer, even though it behaves as a typical cable does (charging the attached iPhone, allowing it to sync, etc.), it also allows nearby hackers to connect to the machine to run commands.
The trojan horse device comes equipped with commands and scripts a hacker can run on the victim’s machine, and even run commands to “kill” the USB implant to attempt to hide the evidence of the implant’s existence.
Joseph Cox of Motherboard describes what happened after he plugged the trojan Lightning cable into his Mac:
MG typed in the IP address of the fake cable on his own phone’s browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim’s computer.
“It’s like being able to sit at the keyboard and mouse of the victim but without actually being there,” MG said.
MG was able to connect his phone to the Wi-Fi hotspot that the cable was emitting. MG told Cox he needed to be within 300 feet of the target machine to gain access, but said the cable could be configured to act as a wireless network client, potentially allowing him to hack from an unlimited distance.
At this time, most folks don’t have to worry about the cable, even though it could be gifted to them or swapped out with their cable without being noticed. However, the cables are made by hand and sold by MG for $200, so they’re at least too expensive for buying one for a practical joke. However, MG says he’s working with a company to produce them for use as a legitimate security tool.
MG imagines the cable could be swapped in for a target’s legitimate cable or gifted to someone because it looks exactly like an Apple cable, complete with accurate packaging. Each of these cables were made by hand and are being sold by MG for $200, but he is teaming up with a company to produce them as a legitimate security tool.