I plugged the Apple lightning cable into my iPod and connected it to my Mac, just as I normally would. My iPod started charging, iTunes detected the device, and my iPod produced the pop-up asking if I wanted to trust this computer. All expected behaviour.
But this cable was hiding a secret. A short while later, a hacker remotely opened a terminal on my Mac's screen, letting them run commands on my computer as they saw fit. This is because this wasn't a regular cable. Instead, it had been modified to include an implant; extra components placed inside the cable letting the hacker remotely connect to the computer.
"It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable," the security researcher known as MG who made these cables told Motherboard after he showed me how it works at the annual Def Con hacking conference.
One idea is to take this malicious tool, dubbed O.MG Cable, and swap it for a target's legitimate one. MG suggested you may even give the malicious version as a gift to the target—the cables even come with some of the correct little pieces of packaging holding them together.
MG typed in the IP address of the fake cable on his own phone's browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim's computer.
"It’s like being able to sit at the keyboard and mouse of the victim but without actually being there," MG said.
The cable comes with various payloads, or scripts and commands that an attacker can run on the victim's machine. A hacker can also remotely "kill" the USB implant, hopefully hiding some evidence of its use or existence.I will be dropping #OMGCables over the next few days of defcon.— _MG_ (@_MG_) August 9, 2019
I will also have 5g bags of DemonSeed, if that’s your thing.
I’ve been very busy with @d3d0c3d & @clevernyyyy.
Details and update here: https://t.co/0vJf68nxMx
MG made the cables by hand, painstakingly modifying real Apple cables to include the implant.
"In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable. And these prototypes at Def con were mostly done the same way," he said. MG did point to other researchers who worked on the implant and graphical user interface. He is selling the cables for $200 each.
In the test with Motherboard, MG connected his phone to a wifi hotspot emanating out of the malicious cable in order to start messing with the target Mac itself.
"I’m currently seeing up to 300 feet with a smartphone when connecting directly," he said, when asked how close an attacker needs to be to take advantage of the cable once a victim has plugged it into their machine. A hacker could use a stronger antenna to reach further if necessary, "But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited." he added.
Now MG wants to get the cables produced as a legitimate security tool; he said the company Hak5 is onboard with making that happen. These cables would be made from scratch rather than modified Apple ones, MG said.
MG added, "Apple cables are simply the most difficult to do this to, so if I can successfully implant one of these, then I can usually do it to other cables."