This unsuspecting Lightning cable packs an implant that can log everything you type

Shawn Knight

Posts: 13,502   +132
Staff member
Scary: Dubbed OMG Cables, these new variants are more capable than their counterparts. According to their creator, payloads can be triggered from over one mile away. Attackers can use them to log keystrokes and change keyboard mappings. There is also a geofencing feature, a kill switch and the ability to forge the identity of specific USB devices, like those that can leverage a specific vulnerability.

We’ve long since been told to be leery of inexpensive third-party phone chargers and USB cables due to their inferior quality. In recent years, we’ve also been warned about the potential for security vulnerabilities related to such devices.

Back in 2019 at the annual Def Con hacking conference, a security researcher who goes by MG showed off an Apple Lighting cable that looked and functioned as if it had been pulled right out of a box in an Apple retail store.

Hiding inside the cable, however, was a tiny bit of additional hardware capable of creating a Wi-Fi hotspot. An attacker within 300 feet of the cable could use that hotspot to remotely hijack a victim’s computer.

MG has since evolved the design to create new physical variations that are compatible with even more interfaces, including a Lightning to USB-C cable. The user told Motherboard that there were people who thought Type C cables were safe from this sort of implant due to size limitations. “So, clearly, I had to prove that wrong,” MG said.

"It pairs well with the self-destruct feature if an OMG Cable leaves the scope of your engagement and you do not want your payloads leaking or being accidentally run against random computers," MG told the publication.

The pandemic, however, has made it difficult for MG to manufacture the devices. “If any individual component is out of stock, it is basically impossible to find a replacement when fractions of millimeters are important,” he said. “So I just have to wait 12+ months for certain parts to be in stock.”

Permalink to story.

 

antiproduct

Posts: 198   +232
I'm sure they have this sort of device for Android phones too, so... maybe only mock the technology if you don't use a phone at all.

The annoying thing about this will be that it will become justification to get rid of cables entirely, and then wirelessly charge your device. Want to transfer the data? Back it up in our cloud storage to be billed monthly. Also, where Apple (or whoever) may snoop your data to make sure there's no "child porn" in it... or anything else they deem that you shouldn't have.
 

Superconductor

Posts: 52   +56
L M A O ... and the average U.S. consumer that fears privacy continues to scoop up a multitude of products produced in China. Oh the irony ... but hey ... it's a news worthy cable. LOL
 

nismo91

Posts: 1,154   +195
Wow a tiny cable could transmit wifi up to 300ft. they should've sold the technology to phone makers because my phone hotspot could not even reach 2nd floor, let alone 300ft. /s
 

Watzupken

Posts: 332   +309
Actually such risk always exists. In fact some of those cheap hardware/ cables may one day be used to spy on you. All you need is to put a tiny inconspicuous chip that almost nobody can distinguish from the rest of the chips on the PCB. Where there is money to be made, I am sure people will go that extra mile to try and get it.
 

Alfatawi Mendel

Posts: 147   +233
Actually such risk always exists. In fact some of those cheap hardware/ cables may one day be used to spy on you. All you need is to put a tiny inconspicuous chip that almost nobody can distinguish from the rest of the chips on the PCB. Where there is money to be made, I am sure people will go that extra mile to try and get it.
I don't think they will be cheap. Most likely, the first customers will be the National security apparatus.
 

Avro Arrow

Posts: 1,800   +2,154
TechSpot Elite
"We’ve long since been told to be leery of inexpensive third-party phone chargers and USB cables due to their inferior quality."
Which was a load of crap then just as it is now. When I worked at Tiger Direct, we used to sell an HDMI cable from Monster Cables for over $40 when it cost us just $6. When it comes to cables, brand-names mean nothing because the store selling it to you has probably marked it up by almost 1000%.

For the last 5 years, I've used a 5' high-speed HDMI cable that I bought at Dollarama for $3CAD. The picture is perfect and the cable DOES support 2160p resolution. I don't know if it supports 4320p but it'll be at least 25 years before 8K is mainstream and supported by broadcasters so what the hell do I care? I could be dead by then. :laughing:
 
Last edited:

DukeJukem

Posts: 256   +272
L M A O ... and the average U.S. consumer that fears privacy continues to scoop up a multitude of products produced in China. Oh the irony ... but hey ... it's a news worthy cable. LOL
well the last president tried to back us out of china but people didn't really like that I guess