News

Lightning cable for hacking a computer on macOS is on sale

This year’s Def Con conference showed a Lightning cable for the iPhone, with which an attacker could gain remote access to a computer. Now this cable can be purchased for $200.

This device looks and works like Apple’s standard USB cable, however there is one small nuance that allows an attacker to hack into a macOS computer.

“My project raised serious interest and I was helped in every way in its implementation. There were many requests for the purchase of this cable”, – comments the developer of the modified cable, known under the pseudonym MG.

Reference:

The enthusiast, known on Twitter under the pseudonym MG, has long been well known in the information security community. So, when creating a malicious USBHarpoon cable, it was his work that inspired such legends as Kevin Mitnik. The fact is that MG repeatedly demonstrated in its microblog attacks using man-made malicious USB cables and even the failure of special protective adapters (such solutions are known as USB condoms or USB condom), which are designed to protect against attacks via USB.

MG

MG first demonstrated its new creation, a malicious cable called O.MG cable, developed with the support of several more talented engineers at the beginning this year. Such a cable does not look different from the usual one, and it can be connected to a machine running Linux, MacOS or Windows.

However, in reality, the O.MG cable is not at all so simple and is defined by the system as a HID (Human Interface Device), that is, a USB device for interacting with a person (usually a keyboard, mouse, game controller, and so on). Since MG added to its development and support for wireless connections, as a result, by connecting the O.MG cable to the target machine, the attacker is able to execute any commands via Wi-Fi, as if he simply types them on the keyboard of the target computer.

“It’s like sitting with the victim’s keyboard and mouse, but not physically being there”, – MG said.

O.MG cable comes with ready-made payloads, and its operator even has the ability remotely “kill” a USB implant, sweeping tracks.

Currently (with a direct connection to the cable), the attacker can be located within a radius of about 90 meters from his target, but MG emphasizes that the cable can also be configured to work as a client in the nearest wireless network. If this wireless network has Internet access, the distance for the attack becomes unlimited.

Read also: Twitter accidentally shared users’ data with advertising partners

The researcher said that reworking the original Apple cables by hand proved to be a daunting task, but if you make the cables from scratch and on a larger scale, this problem will disappear by itself (while MG takes about 4 hours to assemble one cable).

The fact is that the O.MG cable home project is about to grow into a full-fledged production, since Hak5 has already agreed to cooperate with MG, and they plan to put O.MG cable production on the stream, selling devices as a legitimate tool for Pentesters and information security professionals.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-xbuhoxu.store pop-up ads (Virus Removal Guide)

News-xbuhoxu.store is a domain that tries to force you into subscribing to its browser notifications…

9 hours ago

Remove News-xbadeyo.today pop-up ads (Virus Removal Guide)

News-xbadeyo.today is a site that tries to force you into clik to its browser notifications…

9 hours ago

Remove News-bbutohu.info pop-up ads (Virus Removal Guide)

News-bbutohu.info is a site that tries to trick you into clik to its browser notifications…

10 hours ago

Remove News-bbucoxe.today pop-up ads (Virus Removal Guide)

News-bbucoxe.today is a domain that tries to force you into clik to its browser notifications…

10 hours ago

Remove News-xdetake.cc pop-up ads (Virus Removal Guide)

News-xdetake.cc is a domain that tries to force you into clik to its browser notifications…

13 hours ago

Remove News-bbufiya.today pop-up ads (Virus Removal Guide)

News-bbufiya.today is a domain that tries to force you into subscribing to its browser notifications…

13 hours ago