Researchers create ‘OMG’ Lightning Cable with built-in Keylogger, Wi-Fi Hotspot, Geofencing, and other security vulnerabilities

Apple OMG Lightning Cable Hack
A hardware hack is being mass-produced. Pic credit: Richard Unten/Flickr

Security researchers always warn about not borrowing chargers, cables, or other electronic peripherals. A new USB Lightning Cable for the iPhone, called ‘OMG’, once again highlights the need for these words of wisdom.

A normal-looking USB Lightning Cable can easily record keystrokes, activate Wi-Fi Hotspots, ensure it remains undetected, and perform other malicious tasks. Threat actors have to merely ensure an unsuspecting Apple MacBook, iPhone, or iPad user plugs the same into the device.

Apple Inc. may have to fend off a new type of hardware-based hack using the ‘OMG’ Lightning Cable:

A security researcher who calls himself MG has crafted and demonstrated a new Lightning Cable, which has a USB Type-C version as well. The new cable looks identical to the standard Lightning Cable. In other words, there are no physical indications that could raise suspicions.

Underneath the plastic shell, the rogue Lightning Cable hides a microchip that offers multiple functions to eavesdrop and steal data, including keystrokes. In other words, a simple cable can steal user data, usernames, passwords, etc.

The rogue cable can log keystrokes when connected to the MacBook, iPad, and even iPhones. It then sends the captured data back to any unauthorized person

Concerningly, the threat actor need not have physical access to the victim’s device. The Lightning cable reportedly creates a Wi-Fi hotspot that is accessible by the hacker.

Rough Lightning Cable can cause a lot of harm while ensuring it stays undetected:

Using a web app, a threat actor can record keystrokes that the OMG Lightning Cable captures. Needless to add, the captured data is quite valuable for a number of reasons.

If that’s not concerning enough, the Lightning-like OMG cable also includes a geofencing feature. This feature, when triggered, can block the payloads of the device as per its location. In other words, the cable can understand and decipher its actual location, and can then decide about delivering the payload.

Other improvements include being able to change keyboard mappings, and the ability to forge the identity of specific USB devices, such as pretending to be a device that leverages a particular vulnerability on a system.

The OMG Cable also has a USB Type-C to USB Type-C variant as well. Hence, technically, it is possible to weaponize the fastest-growing wired connection peripheral.

For reasons yet unknown, the security researcher has started mass producing the rogue cables. Needless to mention, these cables are a threat to an average user and the data their devices hold along with other information.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x