Here is one more reason to live in fear: a jacked up Apple Lightning cable that enables hackers to remotely access your Mac.
According to Motherboard and Forbes, a hacker who goes by the name MG didn't just showcase this product at the recent Def Con, a hackers’ conference in Las Vegas, but also sold them at US$200 (RM840) a pop.
The article states that the modified cable called O.MG looks and works just like a regular Apple Lightning cable except that it has an implant that enables a hacker to wirelessly hijack the computer it's plugged into. MG claims that hackers can manipulate the compromised computer from a distance of up to 90m.
“It’s like being able to sit at the keyboard and mouse of the victim but without actually being there,” MG told Motherboard.
I will be dropping #OMGCables over the next few days of defcon.— _MG_ (@_MG_) August 9, 2019
I will also have 5g bags of DemonSeed, if that’s your thing.
I’ve been very busy with @d3d0c3d & @clevernyyyy.
Details and update here: https://t.co/0vJf68nxMx
Tech Crunch reports that once the compromised cable is in use, the attacker can send phishing pages to the user or even remotely lock the screen, forcing the user to reveal their password when they log back in.
Although he started with the Apple Lightning cable, MG reveals that the implant can be used in any other cable to infiltrate non-Mac computers.
“This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types,” MG says in the TechCrunch article.
An ethical hacker by day with Verizon Media (owner of Tech Crunch), the same article states that MG spent over four hours assembling each cable, sometimes with help from other hackers, as a personal project.
However it is not revealed if the hackers would still be able to maintain a connection to the breached computer once the cable is removed.
“There has been a lot of interest and support behind this project, and lots of requests on how to acquire a cable. That’s a great feeling,” the hacker writes on his blog.
MG tells Tech Crunch that though he made the cable out of personal interest, he also envisions it as a way to push cybersecurity experts to think outside the box and change their defence tactics.
“Most people know not to plug in random flash drives these days, but they aren’t expecting a cable to be a threat. So this helps drive home education that goes deeper,” he was quoted as saying.