The cables in query (dubbed O.MG Cables) are cables immediately from Apple which have been opened up to permit for added parts to be implanted, however the modifications are undetectable and there is not any approach to distinguish the hacked cable from the unique.
Image through Motherboard
When plugged into a goal laptop, the cable behaves as a typical cable does, connecting to and charging iOS units, however it additionally lets hackers remotely join to a machine to run instructions. It comes outfitted with scripts and instructions that a hacker can run on a sufferer’s machine, together with instruments to “kill” the USB implant to conceal proof of its existence.
MG typed within the IP deal with of the pretend cable on his personal telephone’s browser, and was offered with a listing of choices, corresponding to opening a terminal on my Mac. From right here, a hacker can run all kinds of instruments on the sufferer’s laptop.
“It’s like being able to sit at the keyboard and mouse of the victim but without actually being there,” MG stated.
In a check with Motherboard, MG was ready to join his telephone to a WiFi hotspot that the cable was emitting. He stated he wanted to be inside 300 ft to entry the goal machine, but additionally stated that the cable may be configured to act as a consumer for a close by wi-fi community, doubtlessly permitting for hacking from a limiteless distance.
“I’m currently seeing up to 300 feet with a smartphone when connecting directly,” he stated, when requested how shut an attacker wants to be to make the most of the cable as soon as a sufferer has plugged it into their machine. A hacker may use a stronger antenna to attain additional if vital, “But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited.”
MG imagines the cable might be swapped in for a goal’s legit cable or gifted to somebody as a result of it appears to be like precisely like an Apple cable, full with correct packaging. Each of those cables had been made by hand and are being bought by MG for $200, however he’s teaming up with a firm to produce them as a legit safety software.
It’s not clear if there may be any protection towards this type of hack, however it seems like these cables are prohibitively costly and restricted in availability on the present time. Those involved can buy cables immediately from Apple with out accepting free cables from anybody. Apple can also be growing a mitigation and has beforehand restricted different USB entry strategies by way of USB Restricted Mode.
https://www.macrumors.com/2019/08/12/hacked-lightning-cable-remote-access/