Hardware hacks might not get as much attention as the latest security breaches, but they can be just as devastating. You’re probably picturing an attacker sneakily using a dummy USB key to infiltrate a computer, but as a recent report from Vice describes, even innocuous tech like Apple’s Lightning cables can be modified to exploit vulnerabilities and take control of your devices.
The dummy Lightning cables — named “O.MG cables” after their creator, a security researcher known as MG — were circulated at the recent Defcon hacker convention in Las Vegas. O.MG cables are otherwise normal-looking Lightning cables modded with extra hardware that give hackers remote access to your PC and iOS devices when they’re plugged in.
O.MG cables are indistinguishable from the real thing, and they even come with the iconic adhesive binding rings you’ll find wrapped around new Apple cables. The modded cables act normally, too, letting you charge your devices via USB or transfer files from your iOS devices.
Neither your PC nor your connected devices will ever notice that anything is amiss. Short of dissecting the cable to look for the extra hardware, the only way to detect that you’re using an O.MG cable is when you realise, after the fact, that your device was exploited. And even if you happen to catch an attacker running a terminal window on your PC remotely, O.MG cables include a killswitch that disables the implanted hardware, thus destroying any possibility to track down the attack’s origins.
Protecting yourself from the O.MG cable (and friends)
Here’s the good news: these fake cables are not widespread, and even if they were, it would be hard to “accidentally” purchase one from an Apple Store since would take some effort on behalf of the hacker to implant a modded cable into legit packaging — at least for now. That, and these modified Lightning cables have all been painstakingly built by hand (so far).
The O.MG cable exploit is a lot like using USB keys or other external devices to gain remote access to a PC. Such tactics are more common than some may think, but there are some common-sense preventative measures you can take to keep your data and devices safe:
Don’t pick up any random tech you find laying around, even if its in what looks to be legit packaging
Don’t accept unsolicited chargers, USB dongles, or similar components as gifts from people you don’t trust, and definitely don’t plug them into your devices. Similarly, only borrow chargers from people you trust.
Only buy your cables from legit sources online, or better yet, from physical locations where you can ensure the packaging hasn’t been tampered with.
When it comes to cables you already own, keep your devices, cables, USB dongles, and other components nearby and secure while out in public.