You probably know better than to insert an unknown USB flash drive into your computer. A hacker may gain access to your sensitive information if a malicious program is installed on your computer. Now, however, motorists don’t have to be the only ones on guard. A security expert demonstrated how any USB cable, including ones designed to look like Apple’s Lightning cable, can be used to gain unauthorized access to your computer.
According to Motherboard, a security researcher working for Verizon Media named Mike Grover (also known as “MG” online) has developed Lightning cables that can infiltrate a computer and steal data.
After selling a few “O.MG cables” at the Def Con security conference, MG is now collaborating with online security products retailer Hak5 to sell a version of the Lightning lookalike cable for around $100.
MG assures The Verge that his Lightning cables are mechanically and aesthetically identical to the Apple-supplied Lightning cable. Yet MG concealed its software and hardware, including a wireless access point, inside its USB connector. The cable can be remotely activated to try to steal login credentials or install malicious software on a target computer once it is plugged in.
Since at least 2008, MG claims that similar cables to the O.MG cable have been in use. The majority of the attack surface, he says, is nothing new. According to reports, the NSA also created a similar cable, which they dubbed COTTONMOUTH, and which could be plugged into a user’s computer in order to wirelessly transmit software.
Nonetheless, MG didn’t require the NSA’s facilities. He did it in his kitchen using a small personal circuit board milling machine from Bantam Tools to add tiny circuit boards to a standard Lightning cable. He worked with a small group of others to create the cable’s operating software. He says, “To do this, you don’t need a nation-state anymore.”
One of MG’s previous hardware hacks involved modifying an Apple USB-C laptop charger so that it could take over a user’s computer. Another involved hacking a USB thumb drive so that it would explode after malicious software was installed on it.
Because “of all the USB-A connectors, the Apple ones are the hardest to interface with because they are so small,” he opted to use a Lightning cable for this endeavor. He reasoned that if he could convert a Lightning cable into a hacking device, then any USB cable could be converted.
However, it is important to note that MG is not only selling to security researchers, even though they are the intended users of the cable. A potential threat is that it could be purchased by anyone. That said, maybe that’s the point; maybe there needs to be a real threat for us to take it seriously. MG says he documented his work and sold the cable to a store frequented by security researchers so that they might prepare for attacks using malicious USB cables.