You’d think that you can safely rely on Apple’s Lightning cables to not only charge iPhones, iPads and iPods, but also to transfer files between them and a computer. But with recent revelations, you probably should be careful about the Lightning cable that you use. Vice reports that a security researcher called MG turned one into a hacking vector.
This is done by implanting additional components to the standard Lightning cable. The modifications are undetectable, and the modified cables – dubbed O.MG cables – are indistinguishable from the standard ones. Devices the cable is plugged into won’t be able to tell the difference either, until the hacker pulls the trigger.
OMG! 2 months + 8 devs + O•MG Cable = malicious wireless implant update!
This update brought to you by the chaos workshop elves: @d3d0c3d, @pry0cc, @clevernyyyy, @JoelSernaMoreno, @evanbooth, @noncetonic, @cnlohr, @RoganDawes
More info: https://t.co/kkhUppsqiC#OMGCable pic.twitter.com/fIzOaKJSxL
— MG (@_MG_) April 12, 2019
MG demonstrated this by plugging an O.MG cable into an iPod and a Mac, with both exhibiting expected behaviour. He then types the IP address of the modified cable on his phone’s browser, and is then presented with a list of hacking options. One of these include opening a terminal on the connected Mac.
From this demonstration, the O.MG cable emits its own WiFi hotspot. While a direct connection requires a hacker to be within about 90m of the cable, it could also be modified to act as a client for nearby wireless networks. This lets the hacker connect to the O.MG cable from just about anywhere in the world.
