New malicious Lightning cable can steal user data from a mile away

Posted:
in General Discussion edited September 2021
A new and upgraded version of a malicious Lightning cable that can steal user data and remotely send it to an attacker illustrates the threat of untrusted accessories.

Credit: MG
Credit: MG


The OMG Cable, which looks exactly like a standard Lightning to USB cable, was first demoed back in 2019 by security researcher MG. Since then, MG was able to work with cybersecurity vendor Hak5 to mass-produce the cables for researchers and penetration testers.

Although users would be hard-pressed to find anything unusual about the cables from the outside, they pack some under-the-hood modifications that make them useful to hackers. An OMG cable plugged into a Mac to connect Apple's Magic Keyboard could, as an example, log passwords or anything else a user types and send that data to a remote attacker.

The new version of the OMG cable includes a Lightning to USB-C option and other upgraded capabilities for security researchers to test out, Vice reported Thursday.

"There were people who said that Type C cables were safe from this type of implant because there isn't enough space. So, clearly, I had to prove that wrong," security researcher MG told Vice.

For example, MG says the new cables have geofencing features that can switch attacks based on a victim's physical location. The range of the cables has also been improved, with researchers able to trigger malicious payloads from more than a mile away. The addition of USB-C connectivity could also -- in theory -- allow the cable to carry out attacks like mobile devices like the iPhone.

OMG cables, which are available from Hak5 for about $120, work by creating a Wi-Fi hotspot that an attacker can connect to from their own devices. Once connected, they can use a normal web browser interface to log keystrokes or carry out other attacks.

Read on AppleInsider
dewmepatchythepirate
«1

Comments

  • Reply 1 of 31
    lkrupplkrupp Posts: 10,557member
    Notice the disclaimer at the bottom of the article on the main page. If you buy this cable AppleInsider gets a commission? Can I buy this cable to snoop on and stalk my mistress?
    applguy
  • Reply 2 of 31
    BTW: Do we know this as fact? Or just someone saying it?
    watto_cobra
  • Reply 3 of 31
    I think an actual explanation of how it can be used would be helpful. The specifics. It seems like if you use the cable between a Mac and a keyboard only? What does it do if you use it in charging?
    watto_cobra
  • Reply 4 of 31
    gatorguygatorguy Posts: 24,176member
    lkrupp said:
    Notice the disclaimer at the bottom of the article on the main page. If you buy this cable AppleInsider gets a commission? Can I buy this cable to snoop on and stalk my mistress?
    If you don't need at least three you're not serious about it. ;)
    FileMakerFeller
  • Reply 5 of 31
    gatorguygatorguy Posts: 24,176member
    BTW: Do we know this as fact? Or just someone saying it?
    Follow the article link.
    https://www.vice.com/en/article/k789me/omg-cables-keylogger-usbc-lightning
  • Reply 6 of 31
    dewmedewme Posts: 5,328member
    Good to know. I guess this is just another reminder that any physical connection to a device can be hacked regardless of how innocuous it may appear.

    I suppose wired headphones, hubs, smart battery cases, keyboard cases, wall chargers, portable chargers, docking stations, etc., are all equally vulnerable. Apple could probably extend its MFi protocol to incorporate more levels of security, like a PKI based system with certificates, encryption, revocation, etc. I'm not that familiar with what's in MFi but I've always assumed it is focused more around licensing than security.

    Of course anything Apple does to raise the bar in this area would drive up costs and exclude some vendors who can't handle the increased burden. A few EU regulators heads would also explode, literally explode with the mass ejection of organic material, if Apple further tightened down its requirements on third party accessory makers. If it's any consolation, loosening up servicing and repair part standards will allow hackers to install snooping devices very neatly inside your devices. Your charging cable will be safe, but your new battery may come with some extra functionality that you didn't count on.
    patchythepirateFileMakerFellerDetnator
  • Reply 7 of 31
    There is a simple self defense that is guaranteed to work 100%. Do not let any unknown beings get access to your device physically. Apple OSs are extremely well designed to fend out security attacks. 
    watto_cobra
  • Reply 8 of 31
    Another way to look at this: The cable lets you create a custom WiFi hotspot for your iPhone, something which Apple and iOS have never allowed a third party developer to do.
    rinosaurlkruppapplguy
  • Reply 9 of 31
    rob53rob53 Posts: 3,241member
    Are Lightning cables patented by Apple or at least approved by some government agency to follow certain standards? If so is Apple allowed to file suit against an obviously non compliant cable? FTC approval for transmissions? Time to lock these guys up. 
    watto_cobra
  • Reply 10 of 31
    maestro64maestro64 Posts: 5,043member
    Okay this cable is scary, they can do this with a cable just plugged in. How many of you just plugged your phone into a cable which was just laying on a table. I guess I need to make sure only to use my cables from this point forward.
    watto_cobra
  • Reply 11 of 31
    sflocalsflocal Posts: 6,092member
    I'm curious what the real-world risk is here.  I really have to think about it but I can't really recall ever using someone else's cable.  It's always been one that I purchased.  This is yet one more thing one has to consider.
    watto_cobra
  • Reply 12 of 31
    thrangthrang Posts: 1,007member
    And yet people actively voice they want to open iOS to third party app stores that who content is developed, delivered, and transacts data without Apple's security and privacy layers. And don't say "well don't use a third party app store if it's a concern".... Given how we currently share information between family and friends in a secure iOS, environment, it doesn't take much to see how someone else using a nefarious third party app may unwittingly expose some identifiable information about me even if I steadfastly avoid third party apps.

    So if people will go to the extent of this cable hack, imagine what that might do if that had executable code on your phone that has not been vetted nor is monitored?

    If you sandbox third party apps to prevent data leakage, then you would lose access to everything else that makes an iPhone great - I doubt Apple would allow such external apps connectivity to Messages, Mail, Contacts, Files, Game Center, Photos, password manager, Wallet, Face or Touch ID, Continuity, Safari, Calendar, etc, etc, etc.....

    Frankly, I'm not very worried about this cable hack. But a third party app story would be extraordinarily detrimental and potentially dangerous.
    cornchipdrdavidwatto_cobraDetnator
  • Reply 13 of 31
    lkrupplkrupp Posts: 10,557member
    Another way to look at this: The cable lets you create a custom WiFi hotspot for your iPhone, something which Apple and iOS have never allowed a third party developer to do.
    Your intense hatred of Apple is eating your brain. Soon you won’t have any brain cells left. Oh wait!
    patchythepirateericthehalfbeeroundaboutnowwatto_cobra
  • Reply 14 of 31
    macguimacgui Posts: 2,350member
    maestro64 said:
    How many of you just plugged your phone into a cable which was just laying on a table.
    I do. Because I know my cables. Do you go to some commune and not have your own kit? Geeze fkn Louise.

    Spend a few bucks and get a DC power connector that has only power connections, no data. Keep it in your kit and put it between your Mac and any foreign power supply or cable. Problem solved. Crisis averted.
    watto_cobra
  • Reply 15 of 31
    Apple wireless charging is the future. I don't think MG will be able to install a personal hotspot inside a charging pad. 
    watto_cobra
  • Reply 16 of 31
    gatorguy said:
    BTW: Do we know this as fact? Or just someone saying it?
    Follow the article link.
    https://www.vice.com/en/article/k789me/omg-cables-keylogger-usbc-lightning

    The answer is in the first sentence of the article you linked:

    “It looks like a Lightning cable, it works like a Lightning cable, and I can use it to connect my keyboard to my Mac.”

    All the articles I’ve seen are highly misleading. They imply that simply plugging this cable into a device suddenly grants it access to all your passwords. It appears it’s nothing more than a keylogger hidden inside a cable that mimics a keyboard.

    As usual, it’s odd that they don’t provide any detailed demo of how it works, and only have a short video showing a device connecting to the cable via WiFi.

    I want to see it actually stealing a password. I mean, if that’s what you’re claiming then prove it.
    cornchipwatto_cobra
  • Reply 17 of 31
    danoxdanox Posts: 2,799member
    Right to repair ha..ha..ha.. the enemy is within.
    watto_cobra
  • Reply 18 of 31
    Really a non-worry. They have publicly made an expensive cable that looks normal with key logging with a WiFi hotspot, that likely some governments have already made. Too expensive for most people to use. Use it in an airport or common room? Free cable for someone else to pick up, move it out of range, eventually destroy it and toss it out. Since it is WiFi, you should be able to set it pop up when plugged in or drop off if unplugged.  Manufacturers might be able to scan and warn if such a WiFi point is that close or matching WiFi names. Range? Up to a mile is under ideal conditions, outdoors, which rarely happens. This uses a chip antenna which isn’t as good as an external antenna. Plugging it in to your home desktop computer isn’t going to give that much range. Too many obstacles that reduce to signal power or just block it. There is also a USB-C to USB-C version. Due to the chip shortage and tight clearances, they have to wait a good twelve months for parts. 

    Simple solution is use your own cables and chargers. 
    watto_cobra
  • Reply 19 of 31
    fred1fred1 Posts: 1,111member

    Simple solution is use your own cables and chargers. 
    This will be your own cable if you buy it from somewhere like Amazon. If enough are sold, then hackers can look for them being used at cafes, airports, etc. 

    Simple solution is to only use Apple certified cables. 

    On a related note, was it just a rumor that data could be stolen using USB-A charging ports?
    watto_cobra
  • Reply 20 of 31
    This will be your own cable if you buy it from somewhere like Amazon. If enough are sold, then hackers can look for them being used at cafes, airports, etc. 

    Simple solution is to only use Apple certified cables. 

    On a related note, was it just a rumor that data could be stolen using USB-A charging ports?
    The components are too expensive to seed into a competitive market for random access.

    But YES. A USB charging block or hub is much easier to implement this.  The miniaturization is very impressive on this cable, ostensibly to fool those who know real hardware is a dangerous vulnerability to physically connect to.  But, setting up a “charging station” where AC outlets are not readily available is a perfect ploy for the unwitting. You’d need a specific charging only cable for protection, and keeping track of which one (must be a dozen in my place) is an extra chore.

    Question tho: re keylogging passwords though - if I’m opening my phone with Face ID, enabling Apple ID to stay logged in, use password manager to autofill required logins, can any of this be captured?
    watto_cobra
Sign In or Register to comment.