A fake Apple charging cable has been developed that could allow attackers to trick their way into a victim’s devices.
Security researcher Mike Grover, also known as MG, has developed a fake Lightning-esque cable similar to those used to charge up iPhones that he says could be use to hijack a laptop or PC just by plugging in.
When plugged into a Linux, Mac or Windows computer, and connected via Wi-Fi, the O.MG Cable can give a hacker full control over the system, allowing them to carry out commands remotely.
Grover revealed the cable at last week’s DefCon cybersecurity convention, highlighting what he says has been an under-investigated area of mobile security.
“It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable,” he told Motherboard.
Grover says that the cable, which fortunately is only a prototype, could be utilised in a number of ways by criminals, allowing them to download and launch malware, remove devices from Wi-Fi networks, and even reconfigure systems.
The cable takes advantage of a flaw in the computer’s operating system that detects the cable as part of an input device, or what’s known as a human interface device (HID).
Once connected via the IP address of the cable, hackers can start to issue commands using a mouse and keyboard, as operating systems consider HID devices to be input devices. This allows them to manouevre around the hijacked device, download malware or open up software such as browsers to run malicious payloads.
Grover says that the cable, which fortunately is only a prototype, could be utilised in a number of additional ways by criminals, allowing them to download and launch malware, remove devices from Wi-Fi networks, and even reconfigure systems.