“O.MG” – your iPhone charging cable is no longer safer.
With the original iPhone box coming with 1 standard charging cable, many people resort to alternatives available in the market when their original one gets lost. A problem arising from this was that these alternative cables available could damage your iPhone due to their poor quality.
However, a new threat is now emerging which is much scarier. Recently at DEFCON 2019, a security researcher who goes by the handle of MG showcased a cable that looks completely like a normal cable in its size, design and even operates as such but also includes an implant which hackers could use to gain access to your phone and any other device which you connect it to and run secret commands all without your knowledge.
I will be dropping #OMGCables over the next few days of defcon.
I will also have 5g bags of DemonSeed, if that’s your thing.
Details and update here: https://t.co/0vJf68nxMx
— _MG_ (@_MG_) August 9, 2019
Dubbed O.MG; to use it in an attack, all the attacker has to do is to swap it with a legitimate cable without the user noticing. Afterward, when the cable is plugged in, the attacker has to enter the IP address of the fake cable in his browser and tada, they are in control now.
With that, a variety of scripts and commands could also be run from a range of up to 300 feet or 91 meters as currently tested. If that seems less, the use of an antenna could extend the distance and connecting the cable to an internet-connected wireless network could potentially render the range unlimited.
This is even more alarming as the attacker does not have to be in your near surroundings making it difficult to find the culprit. In order to hide one’s tracks, the implant could also be killed remotely but since the cable is physically modified, it can still be detected by someone technically aware of the design of an iPhone cable.
How these cables were made is no mystery. As MG wrote in his blog post, they were made by modifying original Apple cables and took about 4 hours each to assemble.
“In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable.”
However, according to Vice, for the future, he has teamed up with a cyber-security firm named “Hak5” where they will create new modified cables from scratch making the entire process much easier as in his own words,
“Apple cables are simply the most difficult to do this to, so if I can successfully implant one of these, then I can usually do it to other cables.”
These cables now costing $200 have already been sold out as seen in the screenshot above. For the time being, what we can learn from this(until we get our hands on the cable!) is that there’s a new threat out there which allows hardware components to be affected with malware and remain undetected for long periods of time.
Sure, such payloads have been seen in USB devices but this is the first time that malware-infected cables are going to become a standard part of an attacker’s toolkit and hence, the public needs to be educated more about such things.