If you’re someone who connects a USB cable to your computer without thinking twice, you got to be careful from now onwards. A security researcher named MG has developed a Lightning cable which when connected to a computer can be used to access your files and data stored in it remotely.
Dubbed “O.MG,” these cables have additional components implanted, and it is almost impossible to distinguish them from an original cable without any modification.
When connected to the target machine, the cable charges iOS devices normally but also allows hackers access to your computer remotely at the same time. It comes with scripts and commands that can be used to exploit the target computer.
Interestingly, “O.MG” cables also have a tool that kills the USB implant, thus effacing any evidence of any tampered USB device being connected to the computer.
When the security researcher typed in the IP address of the counterfeited cable in his phone’s browser, he was presented with options including opening a terminal on a Mac. Once a remote connection is established, he can run tools to access the computer remotely, reports Motherboard.
These hacked cables are the DIY creation of MG; it took four hours for him to “prepare” one USB cable.
“In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable,” says MG.
He presented these cables at DefCon 2019 and is selling it for $200 each. The security researcher says that he can implant the component in any USB cable but “Apple just happens to be the most difficult to implant, so it was a good proof of capabilities.”
MG is teaming up with the Hak5, a company that sells pentest devices, to produce these cables as a legitimate security tool. He will make these cables from scratch rather than using Apple lightning cables.
As a precautionary measure, we recommend using original Apple cables and refrain from using cables offered by anyone else.