Not all Lightning cables are created equal. In fact, the security researcher known as MG has managed to create a special cable that looks like Apple’s official Lightning cable with one crucial difference: it gives an attacker a way to remotely tap into your computer.
All MFi Lightning cables contain a special chip that encrypts and decrypts data. MG has modified Apple’s cable to include an USB implant. According to Motherboard, it comes with scripts and commands that an attacker can run on the victim’s machine. A hacker can also remotely disable the USB implant in an effort to hide evidence of its use.
As soon as the cable is plugged into a computer and a Trust This Computer? prompt has been accepted, the payload is executed. From that point onward, a hacker can remotely access your Mac, run Terminal commands and do other potentially nefarious things.
MG typed in the IP address of the fake cable on his own phone’s browser and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim’s computer.
The implant within the cable creates a Wi-Fi hotspot that is used to access the target Mac.
‘I’m currently seeing up to 300 feet with a smartphone when connecting directly,’ he said when asked how close an attacker needs to be to take advantage of the cable once a victim has plugged it into their machine. A hacker could use a stronger antenna to reach further if necessary, ‘But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited.’ he added.
MG demonstrated how the cable works at the annual Def Con hacking conference held last week. With these things in the wild, you should be careful because a rogue party could swap this malicious tool for your legitimate one.
MG suggested you may even give the malicious version as a gift to the target—the cables even come with some of the correct little pieces of packaging holding them together.
Both Apple’s cables and ones from third parties are susceptible of this attack.
I will be dropping #OMGCables over the next few days of defcon.
I will also have 5g bags of DemonSeed, if that’s your thing.
Details and update here: https://t.co/0vJf68nxMx
— _MG_ (@_MG_) August 9, 2019
MG says the ultimate goal is to produce these cables as a legitimate security tool. For now, he’s selling them for $200 each.
Are you worried about this new attack vector?
Let us know in the comments!