Friday, September 3, 2021

This Lightning cable could steal all your passwords

After showcasing a fake Lightning cable at Def Con back in 2019, security researcher Mark Grover (also known as MG) is back with a new version of his OMG Cable.

While MG's custom cable may resemble one of Apple's Lightning cables, its actually part of a series of penetration tools capable of recording everything a user types and wirelessly sending this data to a hacker that can be more than a mile away.

Following the creation of his original prototype in 2019, MG began mass producing his fake Lightning cables and the cybersecurity vendor Hak5 began selling them online.

Now MG's latest cables come in additional variations including Lighting to USB-C to provide hackers with even more capabilities and allow them to gain access to a wider variety of devices.

OMG Cable 2.0

As reported by Vice's Motherboard, MG's OMG Cable work by creating a Wi-Fi hotspot in the cable itself that a hacker can connect to from other devices.

Once connected to the cable, a web interface inside a browser allows a hacker to start recording a victim's keystrokes. According to MG, the hardware used to do this takes up around half the length of the plastic shell.

The latest iteration of the OMG Cable also packs in extra features such as geofencing which allows a hacker to block payloads sent to a device based on the physical location of the cable. There's even a self-destruct feature if an OMG Cable leaves the scope of engagement according to MG.

With the addition of USB-C, the cables now allow attacks to be carried out on a wider range of smartphones and tablets. Other improvements include being able to change keyboard mappings and forge the identity of specific USB devices.

Although MG has created several new variations of his OMG Cable, finding the parts to make them has proved difficult as the global chip shortage has also affected his operations.

Via Motherboard



No comments:

Post a Comment

5 investors discuss what’s in store for venture debt following SVB’s collapse

There are many questions around the implications of Silicon Valley Bank’s (SVB) collapse that won’t be answered for a long time. But there’s...