A new version of the OMG Cable, a lookalike of the Lightning to USB cable marketed by Apple, has been developed with upgraded capabilities, and it is believed that it can steal users’ data from a mile away.
The OMG Cable was first introduced in 2019, by security researcher MG, who has been carrying out mass production of the tool in collaboration with cybersecurity vendor Hak5, mainly for penetration testers and researchers. While these cables are nearly identical to the Lightning to USB cables commonly available in the market, they carry some modifications under the hood, making them valuable to hackers. Take a Mac, for example. If an ONG cable is plugged into it, the same can be use to extract passwords and other data that is typed by users, which can then be sent to a remote attacker.
A Vow To Shatter Misconceptions
News of the upgraded version, which apparently features a brand new Lightning to USB-C option, was first brought to light through a report by Vice on Thursday. According to the report, MG has said that they wanted to prove the alleged misconception about Type C cables being safe “from this kind of impact because there isn’t enough space,” wrong. Hence the design.
The security researcher says that the new cables come equipped with geofencing features, which can switch attacks depending on on physical location of the target. This has been made possible by allowing threat actors to trigger of block device payloads depending on their location, thereby preventing the payloads of keystrokes being collected from other devices from being leaked.
The range of these cables has been enhanced too, and now, they can be used to trigger malicious content from over a mile away. While it has not been proved yet, the USB-C portal could, in theory, allow these cables to also extend their reach to mobile devices, like iPhones. Additionally, the cables also carry the ability to change keyboard mappings, and the capacity to forge the identity of USB devices.
A Wi-Fi Hotspot To Let Hackers In
OMG cables are available exclusively from Hak5, at a price of around $120. How do they work, you ask? They do so by creating a wireless fidelity (Wi-Fi, for ease of understanding), hotspot, allowing the attackers to connect to it through their own devices. Once the connection is set, the hacker can tap into any normal web browser interface to log keystrokes and extract information through the same, including usernames and passwords, among others.