Security researcher Mike Grover discovered that simply plugging a lightning cable to your personal computer can compromise users’ data.
In the past, one of the ways users can have their sensitive data compromised by plugging in a flash drive. However, Grover showed that USB cables, including Apple’s lightning cable, can be capable of “hijacking” a machine.
The Verge that the researcher, who uses the handle MG, created “O.MG cables.” O.MG is a modified Lightning cable that is capable of hacking computers.
Grover said that O.MG appears and functions similar to the actual Lightning cables. This means that the wire allows users to connect their iPhones to a computer. However, MG incorporated hidden software and hardware that allows malicious actors to access users’ sensitive data.
When plugged in, an attacker can remotely use various software to attempt to steal login details or install shady programs.
Grover made and sold a few units of these cables during the Def Con security conference. He is working with Hak5, a store specializing in online security products. If all goes well, the “Lightning-lookalike cables” will sell at $100.
Not the first
While MG’s discovery exposes the vulnerability cables can bring, O.MG is not the first of its kind. Reportedly, the National Security Agency (NSA) has also developed a similar piece of technology named COTTONMOUTH.
COTTONMOUTH is a USB hardware add-on that opens a wireless connection into a target network. It also allows a malicious actor to “load exploit software onto target PCs.”
However, Grover was able to develop the cables without the resources that the NSA had. According to The Verge, he created the prototype in his kitchen using small circuit boards. He also wrote the program with the help of a team of programmers.
MG remarked that the development of this hardware “doesn’t require a nation-state anymore.”
‘Hardware hacking history’
Aside from O.MG, the researcher has a history of creating hardware for hacking. In the past, he developed a modded Apple USB-C laptop charger that can hijack a machine and compromise data. He also created a flash drive that “literally explodes” after it injects a malicious program.
Grover noted that he chose to create a hacking device using a Lightning cable because of its fairly complicated interface. The success of the project can mean that he will be able to modify other kinds of cables as well.