This year’s Def Con conference showed a Lightning cable for the iPhone, with which an attacker could gain remote access to a computer. Now this cable can be purchased for $200.
This device looks and works like Apple’s standard USB cable, however there is one small nuance that allows an attacker to hack into a macOS computer.“My project raised serious interest and I was helped in every way in its implementation. There were many requests for the purchase of this cable”, – comments the developer of the modified cable, known under the pseudonym MG.
The enthusiast, known on Twitter under the pseudonym MG, has long been well known in the information security community. So, when creating a malicious USBHarpoon cable, it was his work that inspired such legends as Kevin Mitnik. The fact is that MG repeatedly demonstrated in its microblog attacks using man-made malicious USB cables and even the failure of special protective adapters (such solutions are known as USB condoms or USB condom), which are designed to protect against attacks via USB.
MG first demonstrated its new creation, a malicious cable called O.MG cable, developed with the support of several more talented engineers at the beginning this year. Such a cable does not look different from the usual one, and it can be connected to a machine running Linux, MacOS or Windows.
However, in reality, the O.MG cable is not at all so simple and is defined by the system as a HID (Human Interface Device), that is, a USB device for interacting with a person (usually a keyboard, mouse, game controller, and so on). Since MG added to its development and support for wireless connections, as a result, by connecting the O.MG cable to the target machine, the attacker is able to execute any commands via Wi-Fi, as if he simply types them on the keyboard of the target computer.
“It’s like sitting with the victim’s keyboard and mouse, but not physically being there”, – MG said.
O.MG cable comes with ready-made payloads, and its operator even has the ability remotely “kill” a USB implant, sweeping tracks.
Currently (with a direct connection to the cable), the attacker can be located within a radius of about 90 meters from his target, but MG emphasizes that the cable can also be configured to work as a client in the nearest wireless network. If this wireless network has Internet access, the distance for the attack becomes unlimited.
Read also: Twitter accidentally shared users’ data with advertising partners
The researcher said that reworking the original Apple cables by hand proved to be a daunting task, but if you make the cables from scratch and on a larger scale, this problem will disappear by itself (while MG takes about 4 hours to assemble one cable).
User Review
( votes)
