In case you thought sharing phone data cables was safe, you’re in for a big surprise. A security researcher has just shown the world how a seemingly normal looking iPhone Lightning Cable can be used to hack into your device, accessing all your private information. How is this all possible? Let’s find out.
Mike Grover, the researcher in question, used the facility of his own kitchen to modify and develop a Lightning cable that can hack into your computer. The most impressive and frankly worrisome part is that the modified cable looks exactly like an OEM charging and data transfer cable that you get with your iPhone.
OMG! 2 months + 8 devs + O•MG Cable = malicious wireless implant update!
— _MG_ (@_MG_) April 12, 2019
In the tweet above, you can see a video where Grover, better known as MG, visually explains how the process of hacking works. As soon as the modified cable is connected to the laptop, it starts transmitting to the hacker’s iPhone. The hacker uses a special Lockscream Payload app that has been specifically designed for this purpose.
Once the cable starts transmitting, a distraction is sent to the victim to take their eyes from the laptop screen while the hacking process occurs. The cable forces the laptop to go back to the lock screen where the victim has to type in the password. The password is then picked up by a keylogger and transmitted to the hacker’s iPhone.
Grover calls his invention the O.MG Cable and sold a handful of units to other security researchers at Def Con, the world’s largest hacker’s convention. He intends to sell a production version of this cable for around $100 each. If you’re interested in buying this cable, you can check it out here.
According to Grover, cables like these have existed for over a decade. He says, “A lot of these capabilities, a lot of the attack surface, is really nothing new”. He also mentioned that the NSA has made something similar in order to access private information and transmit data. That project was reportedly codenamed COTTONMOUTH.
It’s impressive how an individual was able to make something of this caliber at home and while Grover’s intentions are pure regarding the sale of his cables, there’s still an elephant in the room. What if a buyer intends to use these cables to abuse someone’s privacy? How would Grover know who would put this technology to good use and who would use it for their own personal gain? I guess that is something even Grover can’t control and the best we can do is hope software developers tighten up the security of their operating systems for the betterment of the world.