This USB-C to Lightning Cable Lets Hackers Steal Passwords, Other Data
A new version of the OMG USB-C to Lightning cable made by the security researcher known as MG can record everything that is typed, including passwords, when used to connect a keyboard to the Mac, Motherboard is reporting.
An earlier version of the malicious cable was demoed by MG at the DEF CON hacking conference in 2019. The cables went into mass production shortly after that, and cybersecurity vendor Hak5 started selling the cables.
The latest version, however, comes in new physical variations, including Lightning to USB-C, and includes a lot more capabilities for hackers. Called the OMG Cables, they work by creating a Wi-Fi hotspot that a hacker can connect to from their own device and start recording keystrokes via a browser interface.
“There were people who said that Type C cables were safe from this type of implant because there isn’t enough space. So, clearly, I had to prove that wrong. :),” said MG.
MG said that the new cables now have geofencing features, where a user can trigger or block the device’s payloads based on the physical location of the cable.
“It pairs well with the self-destruct feature if an OMG Cable leaves the scope of your engagement and you do not want your payloads leaking or being accidentally run against random computers,” he said.
MG also said that the Type C cables allow the same sort of attacks to be carried out against smartphones and tablets.