An iPhone Lightning cable that has been configured to enable remote, malicious access to a computer is not just on show at DefCon this year, it’s on sale. DefCon is an annual security convention held in Las Vegas where hackers of all stripes come to put their discoveries on display. You won’t see these at 7-11 (not yet, anyway), but the message here is that security applies to all facets of our digital life, from the apps that we install on our phones and computers to the hardware that we purchase. Consider the recent sanctions on the Chinese company Huawei, which is said to have enabled spyware on consumer smartphones that were slated to be sold in the United States market. This would ostensibly have given Huawei, which partners with the Chinese government, unfettered access to the contents of said smartphones.
The cable featured at DefCon looks and works like an original Apple USB cable—and so it should, because the O.MG cables started out as exactly that. Except this cable has its little after-market twist—when it’s used to connect a phone to a Mac, it enables an attacker to mount a wireless hijack of the computer.
The nasty trick to this mod is that the cables perform as expected: phones charge, iTunes opens, the usual dialog boxes appear. But the cable contains a wireless implant that can be accessed by an attacker in its vicinity; MG claims he can now access a device at up to 300 feet. But configure the cable “to act as a client to a nearby wireless network, and if that wireless network has an internet connection, the distance basically becomes unlimited.”
“There has been a lot of interest and support behind this project,” the developer says on his blog, “and lots of requests on how to acquire a cable. That’s a great feeling!”
MG told Vice’s Joseph Cox that “it’s like being able to sit at the keyboard and mouse of the victim but without actually being there.” The software kit with the cable includes various commands to attack the target machine, and a “kill switch” to erase the compromise when the hack is complete.
There is even a polished UI to simplify the process.
“It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable.”
The cable project started as a “personal hardware learning project,” MG says, but has now morphed into a full-scale development project looking for a home. Part of the challenge now is the after-market adaptation of original Apple cables. If the cables are made from scratch, at scale, that challenge goes away. “It has been taking me nearly four hours to complete a cable,” MG says, “and I am seeing a 10-20% yield rate. But that should be solved by moving this into manufacturing.”
For $200, MG is offering DefCon customers “early access to the cable and some of the new features,” as well as “a 50% off discount code that can be used when the production cable goes live on Hak5.”
H/T Forbes Magazine online