Imagine if you owned a machine that was capable of hacking phones just by plugging it into them. It certainly sounds like the product of a science fiction story, but surprisingly, hackers create devices like this all the time for computers. It’s one of the reasons why cybersecurity experts always warn users to never plug unfamiliar USB drives into their PCs, or suffer the consequences of an instant compromise.
But computers aren’t the only devices at risk of hardware hacking these days. A white-hat hacker has managed to create a malicious accessory that can compromise an iPhone just by plugging it in. Then, over Wi-Fi, he’s able to take control of the phone without even touching it!
When hackers step up their game, the whole world watches in fear and anticipation. Thankfully, this proof of concept came with good intentions — but if one person can make such a dangerous tool, what’s stopping cybercriminals from making malicious hardware of their own? We have the details on this scary new threat, and what it means for your safety and privacy.
Hacker invents the world’s first malicious Lightning Connector
A white-hat hacker known by the moniker “MG” officially revealed his latest project at the DefCon hacking convention in Las Vegas: A proof of concept for a “malicious Lightning cable” he’s dubbed the “O.MG Cable.”
From the outside, the accessory appears identical to an ordinary Apple-branded cable. Inside, however, lies an advanced array of Wi-Fi equipment and malicious payloads that can completely compromise any phone it’s plugged into.
Unlike traditional security exploits for Apple devices, the O.MG Cable is a bait-and-switch that relies on the user to compromise their own phones. According to MG, “‘Most people know not to plug in random flash drives these days, but they aren’t expecting a cable to be a threat.” His proof-of-concept, in his words, “helps drive” the point home.
The accessory is so covert, in fact, that a computer using the cable can’t even tell it’s been altered in any way. It’s only when MG activates the Wi-Fi receiver inside that the O.MG Cable truly comes to life. Once inside, he’s able to remotely control a phone just as if he were holding the device — making it an extremely dangerous threat for any iPhone unlucky enough to fall for it.
Is my phone at risk of being hijacked by a bad cable?
Apparently, even though MG spent around $4,000 dollars developing his “project,” he doesn’t intend for the O.MG Cable to be released to the public. It was designed to demonstrate the inherent vulnerability of iPhones to hardware-based threats, as well as the risk of using accessories that don’t belong to you.
Although the actual “hacking” portion of the compromise occurs via Wi-Fi, your phone would need to be plugged into MG’s specially engineered cable in order to fail. This means that you’re unlikely to encounter a scary device like this in the wild for the time being. To be on the safe side, make sure to only charge your phone with your own cable, or one belonging to someone you trust.
It also bears repeating that, since MG is a white-hat hacker, his intent was to research security vulnerabilities on the iPhone, not harm anyone. That’s not to say that some hacker won’t eventually figure out the same process that he did, but getting ahead of the curve on cybersecurity threats is one of the many ways that tech companies improve their products down the line.
If he wanted to make some serious money, however, he should consider sending his proof of concept to Apple. This is especially true in light of the generous new bug bounties the company is offering enterprising hackers. At least he’ll be able to recoup his R&D costs.
Stay safe out there, and don’t trust any strange cables!