An iPhone Lightning cable that has been configured to enable remote, malicious access to a computer is not just on show at Def Con this year, it’s on sale. The cable looks and works like an original Apple USB cable—and so it should, because the O.MG cables started out as exactly that. Except this cable has its little after-market twist—when it’s used to connect a phone to a Mac, it enables an attacker to mount a wireless hijack of the computer.
“There has been a lot of interest and support behind this project,” the developer says on his blog, “and lots of requests on how to acquire a cable. That’s a great feeling!”
The cable has been in the news before. But now it is being offered for sale to Def Con attendees who can track the developer down. This is being presented as a capability for the good guys, but it clearly has some frightening implications. Cables given as gifts, provided by hotels or airport lounges, swapped out… the options are endless.
The nasty trick to this mod is that the cables perform as expected—phones charge, iTunes opens, the usual dialog boxes appear. But the cable contains a wireless implant that can be accessed by an attacker in its vicinity—MG claims he can now access a device at up to 300 feet. But configure the cable “to act as a client to a nearby wireless network, and if that wireless network has an internet connection, the distance basically becomes unlimited.”
MG told Vice’s Joseph Cox that “it’s like being able to sit at the keyboard and mouse of the victim but without actually being there.” The software kit with the cable includes various commands to attack the target machine, and a “kill switch” to erase the compromise when the hack is complete.
There is even a polished UI to simplify the process.
“It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable.”
The cable project started as a “personal hardware learning project,” MG says, but has now morphed into a full-scale development project looking for a home. Part of the challenge now is after-market adapting original Apple cables. If the cables are made from scratch, at scale, that challenge goes away. “It has been taking me nearly four hours to complete a cable,” MG says, “and I am seeing a 10-20% yield rate. But that should be solved by moving this into manufacturing.”
For $200, MG is offering Def Con customers “early access to the cable and some of the new features”—as well as “a 50% off discount code that can be used when the production cable goes live on Hak5.”
Intel agencies around the world specialize in after-market adaptations of original equipment to ensure they pass muster and don’t arouse suspicion. Spotless labs have engineering benches adorned with sections of internal car fittings, lampshades, coffee pots and TVs. High on the list for the professionals is defense against compromise, removing operational signatures, ensuring that if a device is compromised, components cannot be traced back. The ability to “disavow” and erase a compromise is high on the requirements list. This ticks the boxes.
The transparency of this project is interesting—a capability normally kept firmly behind closed doors. It does provide some warning, though, to users as to the risk of using any cables or accessories from anything but fully trusted sources.