It’s the adult version of “Never take candy from a stranger” …
A security researcher known as MG has created a Lightning cable that looks exactly like the ordinary USB to Lightning cable for charging your smartphones but is actually a malicious device for recording everything you type.
You might be wondering, why would a cybersecurity researcher make something like this and put everyone in jeopardy? Well it turns out, they basically did it to prove a point, “There were people who said that Type C cables were safe from this type of implant because there isn’t enough space. So, clearly, I had to prove that wrong. :),” MG said in an online chat.
The cables which are called as OMG cables (cause who would be surprised when all their data is leaked to a third party?) work by creating a Wi-Fi hotspot itself that can be accessed by the hacker even if he’s some miles away. After that, the hacker can easily record the keystrokes using an interface in any web browser. The cables were initially demoed for Motherboard at the DEF CON hacking conference in 2019 after which MG was able to successfully launch its mass production with cybersecurity vendor Hak5 selling the cables.
According to MG, the new cables have geofencing features where a user can trigger or block the device’s payloads based on the physical location of the cable. “It pairs well with the self-destruct feature if an OMG Cable leaves the scope of your engagement and you do not want your payloads leaking or being accidentally run against random computers. We tested this out in downtown Oakland and were able to trigger payloads at over 1 mile” he said. It seems like Type C cables can also carry out the same kinds of attacks against smartphones and tablets by simply changing keyboard mappings or forging the identity of a particular USB device which can prove to be a vulnerability on a system.