Data Security

$120 charging cable O.MG remotely steals data from Apple devices

Originally, O.MG Cable was introduced in 2019.


In 2019, at DEFCON, an IT security researcher going by the online handle of MG introduced a Lightning cable dubbed O.MG cable that allowed a remote attacker to steal data from Apple devices. Now, an upgraded version of the O.MG Cable has been released that is equipped with additional capabilities.

O.MG Cable is like any standard lighting to USB cable. It was demoed in 2019 by security researcher MG, who then collaborated with cybersecurity vendor Hak5 for the mass production of cables for penetration testers and security researchers.

SEE: BusKill USB cable switches off your laptop in the event of theft

The cables are called MG and are available in several different versions, which include Lightning to USB-C. These cables appear similar to cables from other accessories manufactures, which makes them a cause of concern as these can undermine devices’ security.

Unique Features

The $120 O.MG Cable appears just like an Apple lightning cable and is sold in USB-A and USB-C format. However, what makes it different from other cables around is the host of exclusive features that it comes packed with.

For instance, its geofencing feature lets users trigger or block payloads from the device after inspecting its location to prevent keystrokes or payload leakage that it has collected from other devices.


Moreover, according to Vice’s Joseph Cox, O.MG cable is capable of changing keyboard mappings and forge USB devices’ identities. It has a tiny implanted chip, the same size as the chips found in authentic cables.

That’s why it becomes so difficult to identify malicious code. The implant consumes half of the length of a USB-C connector’s shell, due to which the cable keeps operating as usual.

Transmit data from a mile away

O.MG cable can log keystrokes from anything it is connected to, including Mac keyboards, iPhones, or iPads, and send the data to an attacker from over a mile’s distance.

However, the attacker has to establish a Wi-Fi hotspot with the cable and using a simple web-based app. Additionally, attackers can easily record keystrokes or deploy malicious software onto Apple devices pretty conveniently.


Comments
To Top

Pin It on Pinterest

Share This