I plugged the Apple lightning cable into my iPod and connected it to my Mac, just as I normally would. My iPod started charging, iTunes detected the device, and my iPod produced the pop-up asking if I wanted to trust this computer. All expected behaviour.
But this cable was hiding a secret. A short while later, a hacker remotely opened a terminal on my Mac's screen, letting them run commands on my computer as they saw fit. This is because this wasn't a regular cable. Instead, it had been modified to include an implant; extra components placed inside the cable letting the hacker remotely connect to the computer.
"It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable," the security researcher known as MG who made these cables told Motherboard after he showed me how it works at the annual Def Con hacking conference.
One idea is to take this malicious tool, dubbed O.MG Cable, and swap it for a target's legitimate one. MG suggested you may even give the malicious version as a gift to the target—the cables even come with some of the correct little pieces of packaging holding them together.
MG typed in the IP address of the fake cable on his own phone's browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim's computer.
"It’s like being able to sit at the keyboard and mouse of the victim but without actually being there," MG said.
The cable comes with various payloads, or scripts and commands that an attacker can run on the victim's machine. A hacker can also remotely "kill" the USB implant, hopefully hiding some evidence of its use or existence.
MG made the cables by hand, painstakingly modifying real Apple cables to include the implant.
"In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable. And these prototypes at Def con were mostly done the same way," he said. MG did point to other researchers who worked on the implant and graphical user interface. He is selling the cables for $200 each.
In the test with Motherboard, MG connected his phone to a wifi hotspot emanating out of the malicious cable in order to start messing with the target Mac itself.
See anything else worth reporting at Def con? We'd love to hear from you. You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on [email protected], or email [email protected].
"I’m currently seeing up to 300 feet with a smartphone when connecting directly," he said, when asked how close an attacker needs to be to take advantage of the cable once a victim has plugged it into their machine. A hacker could use a stronger antenna to reach further if necessary, "But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited." he added.
Now MG wants to get the cables produced as a legitimate security tool; he said the company Hak5 is onboard with making that happen. These cables would be made from scratch rather than modified Apple ones, MG said.
MG added, "Apple cables are simply the most difficult to do this to, so if I can successfully implant one of these, then I can usually do it to other cables."
Subscribe to our new cybersecurity podcast, CYBER.
ThisOneTimeAtLolCamp on August 11st, 2019 at 13:52 UTC »
Whilst very cool, it's also a little unnerving.
Imagine if this trickled down from a strictly proof of concept standpoint to somebody who could mass produce them. You'd never be able to pick up cheap cables on Amazon and whatnot again.
pro-user on August 11st, 2019 at 12:59 UTC »
It is impressive to see that the added components were able to fit inside a regular Apple Lightning cable. Stuff is getting small!
_Neoshade_ on August 11st, 2019 at 12:44 UTC »
Am I understanding correctly that he’s broadcasting an ad-hoc Wi-Fi Network with components inside the cable???