This Lightning Cable with a Hidden Chip Can Steal Your Passwords

This Innocent-Looking Lightning Cable Can Steal Your Passwords and Remotely Send Them to a Hacker

Although Apple focuses a lot on the security of iPhones, there are a few industry-grade tools that can be used to crack an iOS device and acquire password-protected data of users. However, a security researcher has developed a malicious lightning cable that you can use to record anything you type on your iPhone and send it to a hacker remotely.

OMG! USB Cables Can Now Steal Your Passwords

Yes, you read that right! Dubbed OMG Cables, the standard-looking lightning cable is developed by a security researcher who goes by the name of MG. The researcher essentially fitted a tiny, custom-made chip inside a lightning cable to create the OMG cable. MG says that the malicious implant is around half the length of a plastic shell.

This Innocent-Looking Lightning Cable Can Steal Your Passwords and Remotely Send Them to a Hacker
Image via: Vice

The researcher recently shared some interesting tidbits about his product with Vice. MG previously showcased earlier versions of OMG cables for Motherboard at the DEFCON hacking conference. However, in the latest report, MG showed a newer version of the cable that comes in different variations, including a Lightning to USB-C model, and improved wireless capabilities.

“There were people who said that Type C cables were safe from this type of implant because there isn’t enough space. So, clearly, I had to prove that wrong,” MG told Vice in a statement.

How Does This Cable Work?

Now, coming to the working of OMG Cables, they essentially create a Wi-Fi hotspot to which a hacker can connect their device. Following a successful connection, the hacker can use a simple web interface to acquire the keystrokes of a user who uses one of these cables to charge their device.

So, once a user connects an iPhone to an OMG Cable to charge it up, the cable will start sending the keyboard data to the hacker wirelessly. While the user will remain unaware and might type their banking details like passwords, credit or debit card CVVs, or any other sensitive information on their device while their device is charging, the hacker will be able to acquire the data on their connected device.

Furthermore, the newer OMG Cables come with geofencing features. This lets a user or a hacker block the payload of the device based on its physical location. This prevents the data from leaking or falling into the wrong hands. “It pairs well with the self-destruct feature if an OMG Cable leaves the scope of your engagement and you do not want your payloads leaking or being accidentally run against random computers,” MG further added.

Now, if you think that the OMG Cables are dangerous, knowing that MG is mass-producing these malicious cables is much scarier. Although Apple recommends using MFi-certified accessories for iPhones and other Apple devices, there is a large market for non-certified, third-party accessories. So, as you can imagine, this might affect several users who prefer uncertified accessories for their iPhones.

Hence, if you use non-MFi products to charge your iPhone or transfer data, you might want to avoid these USB cables. You can check for the MFi mark on the boxes of accessories before buying them to protect your data and keep your device safe.

Featured Image Courtesy: Vice

Leave a Reply