White-hat hacker demonstrates malicious Lightning cable with built-in Wi-Fi
Illustrating the potential threat from untrusted accessories, a hacker has developed a proof-of-concept Lightning cable with a hidden Wi-Fi chip that could allow parties to seize control of a Mac.
Nicknamed the "O.MG Cable," it closely resembles Apple's own official products. When attached though it can deliver and trigger code payloads, potentially even reflashing a system, according to its creator. In a video, the cable — controlled remotely via an iPhone Web interface — is shown opening up a phishing website on a Mac, then the O.MG project page.
"I am going to work on getting a batch of these made for researchers and those working in the industry," the latter promises.
Practically speaking most people are unlikely to face a bugged Lightning cable, since they're buying from Apple directly or MFi-certified vendors. The O.MG technique also appears to require an attacker to be within local Wi-Fi range, making it of little use even to most black-hat hackers.
You like wifi in your malicious USB cables?— _MG_ (@_MG_) February 10, 2019
The OMG cable
(Offensive MG kit)https://t.co/Pkv9pQrmHt
This was a fun way to pick up a bunch of new skills.
Not possible without help from: @d3d0c3d, @cnlohr, @IanColdwater, @hook_s3c, @exploit_agency #OMGCable pic.twitter.com/isQfMKHYQR
Conceivably though some variant could be used in political or corporate espionage, substituted in place of a target's normal cable.