A security researcher has created a hacking lightning cable called “O.MG” which is entering mass production soon. As the hacker told Motherboard via online chat, the cable looks perfectly legit from outside, and he has taken every quality control step to ensure that every one of the millions that will come out of the production lines will work as expected. The hacker who goes by the Twitter handle “_MG_” presented the cable for the first time in the most recent DefCon, even selling a small number of prototypes of $200.
I will be dropping #OMGCables over the next few days of defcon.
I will also have 5g bags of DemonSeed, if that’s your thing.
I’ve been very busy with @d3d0c3d & @clevernyyyy.
Details and update here: https://t.co/0vJf68nxMx
— MG (@_MG_) August 9, 2019
Once the victim plugs the O.MG cable into their iPhone or iPod, a hacker can run commands onto the target system. The cable features an internal wireless network interface that is hidden inside, and which acts as the remote control interface. Mass producing these cables will naturally bring their cost down, which is estimated to be around $100 per item. While we may see them for sale on various platforms, _MG_ revealed “hak5” as one certain point of sale. The popular pen-testing marketplace will help the hacker market his first product, as they have the experience and expertise on how to do it right.
Now, this has raised concerns and opposition on Twitter, as expected of course. The hacker claims that tools like this cable only drive security innovation and compel manufacturers to do a better job in protecting their customers from dangers of all kinds. Apple has responded to this by simply reminding people of their support page guidelines, where they clearly advise customers not to trust any uncertified Lightning connector accessories. To figure out if something is certified by Apple or not, look for the MFi badge (Made for iPhone). If there isn’t one, don’t risk it.
It is essential to point out that the O.MG cable will otherwise work as expected, so charging the device and moving files through it is still possible. iTunes will detect the connected device without displaying a warning about the cable, so no indication of anything wrong going on there either. The attack will only become apparent when the hacker takes wireless control of the cable and begins opening terminals on the connected Mac. You could receive this cable as a gift from “a caring person”, or someone could even swap it with yours, so beware.
Have something to comment on the above? Feel free to do just that in the comments section down below, or on our socials, on Facebook and Twitter.