USB-C To Lightning Cable Implanted With Password Stealing Chip Puts Users At Risk
KEY POINTS
- The OMG Cables can gather user data from any connected device
- The cable sends the acquired data to threat actors as far as one mile
- The product has "entered mass production and will be sold soon"
A USB-C to Lightning cable implanted with a chip capable of stealing passwords and leaking credentials entered into a connected device now puts users at serious risk.
The “OMG Cable,” a chip implanted wire, is capable of leaking everything that a user types on iPhone, iPad, or Mac keyboards connected to it, The Vice reported.
The genuinely looking USB-C to Lightning cable logs everything that a user enters to a connected device. The gathered data is then wirelessly sent to threat actors as far as more than one mile away from the source, the report said.
The malicious cable executes its attack through a small chip implanted to it. The implant occupies about half of the size of the USB-C connector’s plastic shell and matches the looks of an authentic wire. It looks almost similar to a real cable so users will find it hard to identify the counterfeit from not.
The OMG Cable steals passwords by creating a wi-fi hotspot where threat actors connect. Once connected, attackers simply use a web app in an ordinary browser to leak all the data they need.
A security researcher, known as MG, introduced the earlier version of the password-stealing cables in 2019. The security researcher unveiled the technology for Motherboard at the DEF CON hacking conference in August that year.
After months of work, I am now holding the very first fully manufactured #OMGCable. I can’t wait to get these up on https://t.co/mVYIMD3v7g
— _MG_ (@_MG_) September 29, 2019
Now time for a fully destructive teardown to make sure they meet all my requirements for a fully field-ready piece of attack hardware. pic.twitter.com/lMVBv5RRjw
OMG Cables is part of the penetration testing tools series created by MG. In October same year, the security researcher announced that the cables entered mass production. Hak5, a cybersecurity vendor started selling the product later on.
Now the security researcher is back to unveil the improvements it has done on the OMG Cables. The password-stealing capable cable includes more features and comes in a wider physical variation including USB-C to Lightning Cables.
"There were people who said that Type C cables were safe from this type of implant because there isn't enough space,” MG said in an online chat with Motherboard. “So, clearly, I had to prove that wrong. :)," he added.
Along with the added variations, MG said the OMG Cables can now trigger or lock a device’s payload depending on its location. Users may also expect the cable to mimic other manufacturer’s cables.
MacRumors reported that the OMG USB-C to Lightning Cables entered mass production and will be sold by Hak5 in the days ahead.
© Copyright IBTimes 2024. All rights reserved.
-
Boeing Probed In US Over Possible Falsified Records On 787
-
Crypto Industry Lost $71M To Security Incidents Last Week: Blockchain Security Firm
-
Far-right Parties Wage Disinfo War Ahead Of EU Vote
-
'Everybody Is Vulnerable': Fake US School Audio Stokes AI Alarm
-
Former US Ambassador Asserts Taiwan Will Receive Support From Trump If He Wins
-
Heatwave Hammers Thailand's Stinky But Lucrative Durian Farms
-
Vietnam Temperature Records Tumble As Heatwave Scorches
-
Self-care: Orangutan Seen Apparently Treating Wound
-
European Court Upholds Italy's Claim To Greek Bronze In US Museum
-
Colombian School, A Grim Reminder Of Atrocities Of Rubber Fever
