This Normal-Looking Lightning Cable Actually Steals All of Your Data

Here's some Mr. Robot-level intrigue: An innocuous USB-to-Lightning Cable that looks harmless can actually be used to steal data from your iPhone and install malware on your device. It's possible to steal all of your data from your iPhone and inject malware onto your device, even though it sounds like something you would see on a TV series.
Advertisement

Motherboard wrote recently about a similar product sold by cybersecurity company Hak5 and dubbed "OMG cable" after its inventor, security researcher MG. It looks very much like an Apple Lightning Cable and can be purchased in either a USB-C and USB-A formats. The hidden chip allows users to remotely steal data and install malicious software on MacBooks, iPads and iPhones. Vice reports that the product is being used to test penetration. It was first demonstrated at DEFCON 2019, a cyber conference in 2019.

It works like this: After being plugged in, OMG creates a WiFi hotspot that remote users can connect to. The product comes with an online interface which allows hackers to log and record activity on the target device. According to Hak5, the keylogger can log as many as 650,000 keystrokes. According to Hak5, the keylogger is designed for secret field use, and features include remote execution, stealth, forensics avoidance, and the ability to change your tooling quickly.

YouTube has a lot of videos that explain how it all works. Here's an example from David Bombal, a tech vlogger:

You can easily imagine some very nefarious scenarios with this product. To hack you, a spy would need to wait until you use the toilet at a coffee shop. Then, they could stealthily swap your Lightning cable for the OMG. It takes just a few minutes of remote finessing for all of your data to be returned to their server.

G/O Media could be eligible for a $100 commission on HP Envy Desktop Great Twitch Channelers

Your creativity and all its power are yours to embrace. Purchase for $450 at HP

Although it has a limited geographical range, its functionality seems to work from a good distance. Motherboard reported that we tested it in Oakland. We were able trigger payloads over 1 mile.

It's impressive, but also a bit scary. Keep your ports safe and secure out there.