Dummy Lightning cables used to hack iPhones and iPads are headed into mass production, posing a potential threat to a lot of consumers.
Image: HAK5
According to a new report from Vice‘s Motherboard, the cables — called O.MG Cables after their creator, self-taught electronics hacker MG — are OEM Lightning cables direct from Apple that have been opened and modified to install additional components. The modifications are undetectable to the naked eye and there is no way to tell the hacked cable from the original.
Now, the cables will be produced in mass and will be available for purchase. The researcher had previously sold some early production units at the Def Con hacking conference for about $200 USD each, but mass production is expected to bring the cost down to somewhere around $100 per cable.
The cable itself can actually charge devices and transfer data, just like a standard lightning cable. It goes beyond that, however, by also offering a wireless hot spot that a hacker can connect to, which then allows the hacker to run commands on a computer, control certain aspects of it, and more.
An attacker can reach the O.MG cable from 300 feet away using Wi-Fi from a regular phone, but a suitable booster antenna connected to your computer or phone could enable a connection from even further away. MG is hoping that the cable will help raise awareness of the fact that anything you plug into your computer could be malicious.
“I’ve completely torn the cable apart to make sure there aren’t any production stoppers,” MG said, adding that “I’m just being super transparent about the process” and mostly “everyone who manufactures something is going to keep it quiet up until release day when they unveil the entire thing and it’s ready for sale or they at least have a sale date.”
“The first batch of production samples are confidence inspiring,” point of sale Hak5’s Darren Kitchen told Motherboard. “We’re balancing a number of factors in getting these mischief gadgets produced — and I think everyone is going to be excited by the finished products. The production process has been pretty straightforward, given our experience making pentest [penetration testing] implants.”
Here’s to hoping MG is careful about who he sells these cables to. Sure, $100 USD per cable seem steep, but for someone looking to get their hands on data from a large group of specific users, it’s a small price to pay.
