White-hat hacker demonstrates malicious Lightning cable with built-in Wi-Fi
Illustrating the potential threat from untrusted accessories, a hacker has developed a proof-of-concept Lightning cable with a hidden Wi-Fi chip that could allow parties to seize control of a Mac.
Nicknamed the "O.MG Cable," it closely resembles Apple's own official products. When attached though it can deliver and trigger code payloads, potentially even reflashing a system, according to its creator. In a video, the cable -- controlled remotely via an iPhone Web interface -- is shown opening up a phishing website on a Mac, then the O.MG project page.
"I am going to work on getting a batch of these made for researchers and those working in the industry," the latter promises.
Practically speaking most people are unlikely to face a bugged Lightning cable, since they're buying from Apple directly or MFi-certified vendors. The O.MG technique also appears to require an attacker to be within local Wi-Fi range, making it of little use even to most black-hat hackers.
Conceivably though some variant could be used in political or corporate espionage, substituted in place of a target's normal cable.
Nicknamed the "O.MG Cable," it closely resembles Apple's own official products. When attached though it can deliver and trigger code payloads, potentially even reflashing a system, according to its creator. In a video, the cable -- controlled remotely via an iPhone Web interface -- is shown opening up a phishing website on a Mac, then the O.MG project page.
"I am going to work on getting a batch of these made for researchers and those working in the industry," the latter promises.
Practically speaking most people are unlikely to face a bugged Lightning cable, since they're buying from Apple directly or MFi-certified vendors. The O.MG technique also appears to require an attacker to be within local Wi-Fi range, making it of little use even to most black-hat hackers.
You like wifi in your malicious USB cables?
The OMG cable
(Offensive MG kit)https://t.co/Pkv9pQrmHt
This was a fun way to pick up a bunch of new skills.
Not possible without help from: @d3d0c3d, @cnlohr, @IanColdwater, @hook_s3c, @exploit_agency #OMGCable pic.twitter.com/isQfMKHYQR-- _MG_ (@_MG_)
Conceivably though some variant could be used in political or corporate espionage, substituted in place of a target's normal cable.
Comments
I can't wait for Qi charging pads to become more commonplace for topping off a device.
Edit: fixed grammar, I hope.
There are lots of USB devices that are purpose-built to attack Mac or Windows host computers. Most allow attackers to pre-set payloads that deploy when they’re plugged in.
The real novelties here are that a) It’s packaged to look like a regular cable (Lightning or otherwise), and b) It’s controllable via wifi by a nearby attacker. Leave one of these laying in a public hotspot area and you could be sitting across the room calling the shots - assuming they don’t just throw it in their bag and walk away.
You can say it's sensationalized all you want, but I prefer when Apple addresses HW and SW vulnerabilities, even when the chances of being targeted are slim. For example, I felt that Apple killing their FaceTime group chat to address the issue from their server and then issuing an iOS patch the next week was the only reasonable move even though I never once feared that someone would call me via FT in order to record me without me agreeing to the call.