A security researcher known as “_MG_” on Twitter has invented a modified Apple Lightning cable that could allow a hacker to remotely access any Mac computer using them. He demonstrated his new invention, dubbed the “OM.G Cable” at the Def Con hacking conference in Las Vegas recently. The Lightning Cable is used by Apple owners to charge their devices and sync data.
The OM.G cable is indistinguishable from a legitimate Lightning Cable. According to tests conducted by Motherboard, it allows a hacker to type in the IP address of the fake cable on his device and gain access to a variety of tools on the victim’s computer or phone, via a simple menu-driven system.
The cable comes with a wireless implant that allows the hack to occur. Once it’s plugged into the victim’s device, it creates a Wi-Fi hotspot that allows it to wirelessly transmit malicious payloads, scripts, and commands on the victim’s device. Even worse, it has an impressive range of 300 feet.
In an interview with Motherboard, MG had this to say about his invention: “It looks like a legitimate cable and works just like one. Not even your computer will notice a difference – until I, as an attacker, wirelessly take control of the cable.”
MG sold his homebrew cables to Def Con attendees for $200 each, so there are a small number of these devices in the wild now, and the number is growing steadily. For their part, Apple has responded to the event by advising their customers to avoid buying cables from untrusted vendors and to only use the cable contained in your iPhone box.
They also explained how to spot a counterfeit cable, as follows:
“To identify counterfeit or uncertified cables and accessories, look carefully at the accessory’s packaging and at the accessory itself. Certified third-party accessories have the MFi badge on their packaging. An Apple Lightning to USB cable has ‘Designed by Apple in California,” and either ‘Assembled in China,’ or ‘Assembled in Vietnam’ or ‘Industria Brasileira’ on the cable about seven inches from the USB connector.”
It’s good information and something to keep a close watch on. This kind of hack is very hard to counter.