A security researcher who reportedly works for Verizon Media has developed modified Lightning Cables for Apple devices that can hack your computer when you plug it in. Mike Grover, who goes by “MG” online, created a handful of these O.MG cables which he then sold at Def Con, a security conference.
Grover says that his cables look and function like the standard Lightning cable you get with your iPhone. But MG hid software and hardware, including a wireless access point, inside its USB connector. When the cable is plugged into a computer, it can be triggered remotely to attempt to steal a user’s login credentials or install malicious software.
According to Grover, cables like the O.MG cable have existed for quite a while. “A lot of these capabilities, a lot of the attack surface, is really nothing new,” he says. The NSA also reportedly made a cable that is pretty similar called COTTONMOUTH and could be plugged into someone’s computer to wirelessly send software to it.
Grover says, “It doesn’t require a nation-state anymore to do this”. He built the O.MG cable in his kitchen; taking an off-the-shelf Lightning cable and modifying it with circuit boards that he made himself with an inexpensive desktop PCB mill. He also developed the software that runs on the cable, along with a small team of collaborators.
Grover says that he chose Apple’s Lightning cable to do this to because “out of all of the USB-A connectors, the Apple ones are the hardest to interface with because they’re so small.” This means that this type of technology can be applied to almost any physical connector.