Security Researcher Develops Lightning Cable With Hidden Chip to Steal Passwords

Vice reports that a Lightning cable, which is normal in appearance, has been created to hack data such as passwords and send it back to hackers.
Comparison of the "OMG Cable" to Apple's Lightning-to-USB cable. Comparative comparison of the "OMG Cable" to Apple's Lightning-to-USB cable.

The "OMG Cable" functions exactly as a Lightning to USB cable. It can log keystrokes from any connected Mac keyboard, iPad, or iPhone and send these data to bad actors who may be more than a mile away. They create a Wi-Fi hotspot for hackers to connect to and then record keystrokes using a web app.

Geofencing is a feature that allows users to block or trigger the device's payloads depending on their location. This prevents leakage of keystrokes and payloads from other devices. You can also change the keyboard mappings or forge the identity USB devices.

Play

These cables have a tiny implanted chip, and are physically identical to authentic cables. This makes it very difficult to distinguish a malicious cable. The cable can continue operating as normal because the implant takes up half the length of a USB connector's plastic shell.

An x-ray image of the implanted chips inside the USB-C connector of an OMG Cable. An x-ray image of the implanted chips inside the USB-C connector of an OMG Cable.

These cables were created as part of a series by security researcher "MG" and are now in mass production for sale by cybersecurity vendor Hak5. These cables come in many versions, from Lightning to USB-C. They can also visually imitate cables from various accessory manufacturers, which makes them a significant threat to device security.