Last Updated on September 11, 2021 by Calvin C.
Cybercriminals usually come up with deceptive tactics to attack unsuspecting victims. Even mobile accessories can be booby-trapped to deliver a payload when connected and it’s something to watch for if you use aftermarket phone accessories. Amongst the attack hardware is a new malicious lightning cable that can hack iPhones from a distance and it’s none other than the upgraded OMG cable.
To the unsuspecting eye, the OMG cable looks exactly like the original lightning to USB cable. It was created by Mike Grover, a security researcher, who made the initial demonstrations back in 2019 and you can watch the video here.
The Eureka moment
Mike Grover came up with the idea in his kitchen when he exposed a circuit board hidden in the head of a standard lightning to USB cable.
He then started monitoring the configurations inside the charging cable using external circuit boards. With all that information, MG managed to install an implant while preserving the original circuit board.
This new software allows the OMG cable to work as before, while delivering other upgraded capabilities.
In addition, the cable creates a WiFi hotspot, allowing the hacker to connect to the victim’s computer remotely.
MG put it as follows “It’s like being able to sit at the keyboard and mouse of the victim but without actually being there. “
To make matters worse, your computer can’t tell the difference between a normal cable and an OMG cable.
Loaded in the OMG cable are payloads or commands that are run on the target computer by hacker.
Mass production by Hak5
The first cables were mass-produced in September 2019, for use in hacking phones and retailed for $100 each, indicating a huge demand for these cables.
According to MG, the primary purpose of the OMG cable is for whitehat hackers to carry out penetration tests and other legitimate security research.
While the original cables were painstakingly modified from Apple cables, the ones marketed by Hak5 are made from scratch.
Fast forward to 2021 and now there is an upgraded version of the OMG cable.
This one supports USB-C and has even more capabilities to give a hacker more attacking power.
MG managed to defy odds by cramming an implant in a even smaller space.
“There were people who said that Type C cables were safe from this type of implant because there isn’t enough space. So, clearly, I had to prove that wrong,” MG told Vice.
Just like in the predecessor, the new OMG cable is also able to create a WiFi hotspot that a hacker connects to and accesses the device.
New features in the new OMG cable include:
- Recording of keystrokes
- Restriction of payloads to specified physical locations (geofencing), with the ability to switch attacks.
- Self-destruction feature when you don’t want payloads to be detected.
- Ability to change keyboard mappings
- Improved attack range (more than a mile in some cases)
- Forging the identity of USB devices to capitalize on specific system vulnerabilities
- Ability to attack iPhones due to the presence of USB-C
In a statement to Motherboard, MG indicated that production of the cables has been affected by the ongoing pandemic, ” The pandemic has made an already difficult process much more difficult with the chip shortage. If any individual component is out of stock, it is basically impossible to find a replacement when fractions of millimeters are important. So I just have to wait 12+ months for certain parts to be in stock. “
Well, next time you think of borrowing a charger from a friend, think again. Also read about juice jacking, where hackers tamper with public chargers to attack unfortunate victims.
Share the article on social media and subscribe to our newsletter to receive regular updates.