A new version of the O.MG hacking tool, which looks like an unassuming Lightning cable, can compromise a range of devices and inject commands, log keystrokes, and more.
Credit: Hak5
The O.MG Elite was recently showed off at the DEFCON cybersecurity conference in Las Vegas, and The Verge recently took a look into the nefarious accessory's capabilities.
"It's a cable that looks identical to the other cables you already have," creator MG said. "But inside each cable, I put an implant that's got a web server, USB communications, and Wi-Fi access. So it plugs in, powers up, and you can connect to it."
Although the cable looks innocuous enough, it actually has the ability to covertly harvest data from devices, log keystrokes on computers, and carry out other attacks.
Compared to previous versions of the O.MG cable, the new O.MG elite packs expanded network capabilities that allow for bidirectional communication. In other words, it can listen for incoming commands from an attacker and send data from a device that it's connected to back to a control server.
Like other products sold by penetration testing tool company Hak5, the OM.G Elite has a range of capabilities. It can inject keystrokes -- or keyboard commands -- that allow it to launch apps, download malware, or steal passwords saved in Chrome.
Because of its new network features, it can then send any data that it has stolen back to an attacker. Additionally, the cable can function as a key logger that can capture the words, numbers, and characters that a user types on a machine.
The types of attacks that the cable can carry out rely on being plugged into a machine. However, that physical access could allow an attacker to compromise a range of devices, from a Mac to an iPhone.
Who's at risk
As with most sophisticated penetration testing or hacking tools, the average iPhone or Mac users has little to worry about. Unless you're a high-value target, it's unlikely that you'll be compromised with an O.MG cable.
The O.MG Elite also costs $179.99, which likely puts it out of the price range of low-level scammers. It's a tool for professionals, in other words.
With that being said, a mitigation tactic would include only using cables that you purchased yourself -- and to just generally not trust random accessories that you find or someone gives you. But, this has been good advice for more than a decade.