A manipulated iPhone charging cable brings along various dangerous attack scenarios and transmits data via WLAN up to 90 meters home. It takes quite a bit of creativity to create products that hardly cause scepticism and are often and gladly used. But this is exactly what security researcher Mike Grover has succeeded in doing. With a charging cable from USB-A to Lightning.
As long as the cable is plugged in, the attacker can make entries
Whether it connects to a Mac or Windows PC, it works on both systems. The tampered cable, indistinguishable from standard cables, logs on to the computer as a keyboard. Attackers can now make entries on the computer at a maximum distance of 90 metres. But tricks such as displaying a false lock screen also ensure that potential victims disclose their own PIN. As soon as the cable is pulled, the attack stops. But for this, the attack must be detected. Unlike former software bugs under iOS.
The cable was presented in detail at Defcon 2019. Already at that time the cable was much discussed. It was only available in small quantities. Especially with regard to social engineering attacks, an iPhone charging cable is a perfect camouflage. Why not count them as scarce goods and they are needed everywhere else all the time.
OMG! 2 months + 8 devs + O•MG Cable = malicious wireless implant update!
— _MG_ (@_MG_) April 12, 2019
The manipulated iPhone charging cable is now available in stores
Among other things, the cable was made to show very clearly that it is not a good idea to plug in foreign hardware in an uncontrolled way. The message is clear “don’t just take any charger and plug it into your computer! Meanwhile the charger cable is available at the Online-Shop Hak5, which is specialized on hacking gadgets. But for the small purse the purchase is nothing. The white charging cable is available from 120 USD. On Lightning you are not limited USB-A to USB-C or USB-A to Micro-USB is also available. The cable is called “O.MG Cable” (Offensive MG).
Experience the O.MG Cable live during our Cyber Security Show!
To see is to experience. True to the motto, AWARE7 GmbH regularly creates new hardware and software in order to constantly create new hacking scenarios. Now in its fourth year, we are conducting Live Hacking & awareness campaigns at selected companies. From 2016 to 2018 still under the Institute for Internet Security – now for two years under our own flag. If we have aroused your interest, please feel free to inform yourself about our Live Hacking Show and contact us in Contact us.
Sevencast – der IT-Security Podcast
Von unterwegs, im Büro oder zu Hause hören und auf dem aktuellen Stand bleiben!