New malicious Lightning cable can steal user data from a mile away

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

A new and upgraded version of a malicious Lightning cable that can steal user data and remotely send it to an attacker illustrates the threat of untrusted accessories.

The OMG Cable, which looks exactly like a standard Lightning to USB cable, was first demoed back in 2019 by security researcher MG. Since then, MG was able to work with cybersecurity vendor Hak5 to mass-produce the cables for researchers and penetration testers.

Although users would be hard-pressed to find anything unusual about the cables from the outside, they pack some under-the-hood modifications that make them useful to hackers. An OMG cable plugged into a Mac to connect Apple's Magic Keyboard could, as an example, log passwords or anything else a user types and send that data to a remote attacker.

The new version of the OMG cable includes a Lightning to USB-C option and other upgraded capabilities for security researchers to test out, Vice reported Thursday.

"There were people who said that Type C cables were safe from this type of implant because there isn't enough space. So, clearly, I had to prove that wrong," security researcher MG told Vice.

For example, MG says the new cables have geofencing features that can switch attacks based on a victim's physical location. The range of the cables has also been improved, with researchers able to trigger malicious payloads from more than a mile away. The addition of USB-C connectivity could also — in theory — allow the cable to carry out attacks like mobile devices like the iPhone.

OMG cables, which are available from Hak5 for about $120, work by creating a Wi-Fi hotspot that an attacker can connect to from their own devices. Once connected, they can use a normal web browser interface to log keystrokes or carry out other attacks.