White-hat hacker demonstrates malicious Lightning cable with built-in Wi-Fi

Illustrating the potential threat from untrusted accessories, a hacker has developed a proof-of-concept Lightning cable with a hidden Wi-Fi chip that could allow parties to seize control of a Mac.

O.MG Cable


Nicknamed the "O.MG Cable," it closely resembles Apple's own official products. When attached, though, it can deliver and trigger code payloads, potentially even reflashing a system, according to its creator. In a video, the cable -- controlled remotely via an iPhone Web interface -- is shown opening up a phishing website on a Mac, then the O.MG project page.

"I am going to work on getting a batch of these made for researchers and those working in the industry," the latter promises.

Practically speaking, most people are unlikely to face a bugged Lightning cable, since they're buying from Apple directly or MFi-certified vendors. The O.MG technique also appears to require an attacker to be within local Wi-Fi range, making it of little use even to most black-hat hackers.

You like wifi in your malicious USB cables?

The OMG cable
(Offensive MG kit) https://t.co/Pkv9pQrmHt

This was a fun way to pick up a bunch of new skills.

Not possible without help from: @d3d0c3d, @cnlohr, @IanColdwater, @hook_s3c, @exploit_agency #OMGCable pic.twitter.com/isQfMKHYQR

-- _MG_ (@_MG_)


Conceivably, though, some variant could be used in political or corporate espionage, substituted in place of a target's normal cable.

Comments

  • Reply 1 of 17
    Soli Posts: 10,035 member
    And people wonder why Apple works so hard to protect your our data with great components like the T-series chips. If a WHH has made this then chances are independent, gov't, or corporate BHH have considered and created something similar already.
  • Reply 2 of 17
    Soli said:
    And people wonder why Apple works so hard to protect your our data with great components like the T-series chips. If a WHH has made this then chances are independent, gov't, or corporate BHH have considered and created something similar already.
    But but but Apple is just being greedy and trying to rip off consumers with cables that cost $3 more than licensed third parties!
  • Reply 3 of 17
    lkrupp Posts: 10,557 member
    Yeah, I’m not too worried about this but it demonstrates that privacy and security in the digital age is an almost unobtainable goal.
  • Reply 4 of 17
    A friend of mine bought a "cheaper" knockoff cable and wondered why it didn't work. She then proceeded to complain about why Apple's cables are more than the knockoffs. This is a VERY GOOD example of why. THANKS APPLE for protecting us yet again.
  • Reply 5 of 17
    Soli Posts: 10,035 member
    Data port privacy is why I try not to use open USB ports, like in hotels and airports. I use my PSU in an outlet (or my MBP or portable battery pack when plugging in is an option), but I'll likely move to one of the security-focused USB adapters that only allow for charging and actively block data, like LockedUSB.


    I can't wait for Qi charging pads to become more commonplace for topping off a device.
    edited February 2019
  • Reply 6 of 17
    Soli said:
    And people wonder why Apple works so hard to protect your our data with great components like the T-series chips. If a WHH has made this then chances are independent, gov't, or corporate BHH have considered and created something similar already.
    But but but Apple is just being greedy and trying to rip off consumers with cables that cost $3 more than licensed third parties!
    I don’t understand your point. How is the price of Apple’s cables related to the hack this guy created? Are you saying that the two h Apple developed is safer than the cheaper third party cables? Or that as long as it’s MFI it’s safe? This I could agree to. 
  • Reply 7 of 17
    lkrupp said:
    Yeah, I’m not too worried about this but it demonstrates that privacy and security in the digital age is an almost unobtainable goal.
    Was it ever obtainable? Of course, it depends on your definition of both terms. I don’t feel less safe in these “digital days”. I just think that carelessness is simply exploited more easily. 

    Edit: fixed grammar, I hope. 
    edited February 2019
  • Reply 8 of 17
    mac_128 Posts: 3,454 member
    Just imagine how much worse this could be using USB-C with no regulation
  • Reply 9 of 17
    DarkPaladin23 Posts: 1 unconfirmed, member
    Soli said:
    And people wonder why Apple works so hard to protect your our data with great components like the T-series chips. If a WHH has made this then chances are independent, gov't, or corporate BHH have considered and created something similar already.
    This is NOT an example of Apple protecting you. Their cables really are mostly just overpriced. I've had cables that cost half as much last multiple YEARS. That said, there really are a lot of very poor quality USB cables out there, some of which could even damage your devices. Be smart and read reviews. If you're concerned about your data (you should have been TEN years ago) use what is being called a USB Condom (it blocks data access by inserting blanks where the data pins for USB go). A device like that can be used anywhere without fear that your cable is going to hack you...
  • Reply 10 of 17
    netrox Posts: 1,415 member
    Ok, what's different from USB cables? You can embed anything inside cable and take over the system, right?
  • Reply 11 of 17
    So... this is a device that exploits potential weaknesses in the Mac. I thought this was going to say that it exploited the Lightning interface to break into an iOS device, but that’s not the case here. This is nothing specifically related to it being a Lightning cable, other than it’s familiar to people living in the Mac/iPhone world.

    There are lots of USB devices that are purpose-built to attack Mac or Windows host computers. Most allow attackers to pre-set payloads that deploy when they’re plugged in.

    The real novelties here are that a) It’s packaged to look like a regular cable (Lightning or otherwise), and b) It’s controllable via wifi by a nearby attacker. Leave one of these laying in a public hotspot area and you could be sitting across the room calling the shots - assuming they don’t just throw it in their bag and walk away.
  • Reply 12 of 17
    lkrupp Posts: 10,557 member
    So the hacker has to first get you to buy his cable and then sit outside your house or apartment within range of its WiFi signal to perform the dirty deed? That’s kinda wacky isn’t it? I think the people who think this stuff up and the tech blogs that sensationalize them are stretching things a bit.
    edited February 2019
  • Reply 13 of 17
    Soli Posts: 10,035 member
    lkrupp said:
    So the hacker has to first get you to buy his cable and then sit outside your house or apartment within range of its WiFi signal to perform the dirty deed? That’s kinda wacky isn’t it? I think the people who think this stuff up and the tech blogs that sensationalize them are stretching things a bit.
    Not at all. They can leave the cable, as previously mentioned and as we've seen with seeding USB flash drives for the last 2 decades. This can be used to both distribute malware, and with WiFi being built-in has the additional benefit of being remotely trespassed through additional vectors since connecting to WiFi means they don't even need to be on location when the cable is used.

    You can say it's sensationalized all you want, but I prefer when Apple addresses HW and SW vulnerabilities, even when the chances of being targeted are slim. For example, I felt that Apple killing their FaceTime group chat to address the issue from their server and then issuing an iOS patch the next week was the only reasonable move even though I never once feared that someone would call me via FT in order to record me without me agreeing to the call.
  • Reply 14 of 17
    Soli said:
    And people wonder why Apple works so hard to protect your our data with great components like the T-series chips. If a WHH has made this then chances are independent, gov't, or corporate BHH have considered and created something similar already.
    But but but Apple is just being greedy and trying to rip off consumers with cables that cost $3 more than licensed third parties!
    I don’t understand your point. How is the price of Apple’s cables related to the hack this guy created? Are you saying that the two h Apple developed is safer than the cheaper third party cables? Or that as long as it’s MFI it’s safe? This I could agree to. 
    I think the "But but but" was intended to indicate sarcasm.
  • Reply 15 of 17
    Soli said:
    And people wonder why Apple works so hard to protect your our data with great components like the T-series chips. If a WHH has made this then chances are independent, gov't, or corporate BHH have considered and created something similar already.
    But but but Apple is just being greedy and trying to rip off consumers with cables that cost $3 more than licensed third parties!
    What does cost have to do with this? If anything, Apple’s original lightning cables should be more durable than 3rd party cables, but from what I’ve noticed...most 3rd party cables last longer.
  • Reply 16 of 17
    I pay deep respect for the exceedingly high level of integration and functionality. I would find it hard to cram an ESP8266-EX based design into a form factor as small as a lightning cable and then assemble it in a way which makes it indiscernible from the original.
  • Reply 17 of 17
    genovelle Posts: 1,480 member
    Soli said:
    And people wonder why Apple works so hard to protect your our data with great components like the T-series chips. If a WHH has made this then chances are independent, gov't, or corporate BHH have considered and created something similar already.
    This is NOT an example of Apple protecting you. Their cables really are mostly just overpriced. I've had cables that cost half as much last multiple YEARS. That said, there really are a lot of very poor quality USB cables out there, some of which could even damage your devices. Be smart and read reviews. If you're concerned about your data (you should have been TEN years ago) use what is being called a USB Condom (it blocks data access by inserting blanks where the data pins for USB go). A device like that can be used anywhere without fear that your cable is going to hack you...
    You get what you pay for. When you open the lightning end of an Apple cable there are a number of chips that perform specific functions including security and power management. The same is not found in cheap cables. If you want what Apple offers, pay for it. Otherwise you don’t. They have a certified program that allows access to chips for vetted companies to maintain security but allow for a wider variety of cables than what fits Apple’s idea of perfect. 