Iphone Desktops (Apple) Privacy Security Technology

Researcher Makes Legit-Looking iPhone Lightning Cables That Will Hijack Your Computer (vice.com)

A researcher known as MG has modified Lightning cables with extra components to let him remotely connect to the computers that the cables are connected to. "It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable," MG said. Motherboard reports: One idea is to take this malicious tool, dubbed O.MG Cable, and swap it for a target's legitimate one. MG suggested you may even give the malicious version as a gift to the target -- the cables even come with some of the correct little pieces of packaging holding them together. MG typed in the IP address of the fake cable on his own phone's browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim's computer.

The cable comes with various payloads, or scripts and commands that an attacker can run on the victim's machine. A hacker can also remotely "kill" the USB implant, hopefully hiding some evidence of its use or existence. MG made the cables by hand, painstakingly modifying real Apple cables to include the implant. "In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable. And these prototypes at Def con were mostly done the same way," he said. MG did point to other researchers who worked on the implant and graphical user interface. He is selling the cables for $200 each.

  • What next? Do I need to be afraid if someone gives me a necktie?
    • What next? Do I need to be afraid if someone gives me a necktie?

      Klaatu Verate Necktie...

    • The real story is that he's selling lightning cables for only $200. After parts and labor, he's got to be taking a loss on each one. And if he's making them on his kitchen table by hand, he can't make up for it with volume.

      Given that price tag, I'd bet that these cables would be more popular than the unmodified ones for a solid percent of Mac users.

  • At times, you cannot abandon common sense when designing computers and computer peripherals.
    • by bug_hunter ( 32923 ) on Tuesday August 13, 2019 @11:11PM (#59084962)

      I'm not sure it was a lack of common sense that caused this.
      If I designed the USB spec in 1996, I would not have thought that a complicated chip could be embedded into a charging cable with no noticeable visual indicator that could pretend to be a keyboard - that could then send input to run pre-defined malicious commands.
      It's a pretty clever hack, even if not totally original, though the packages might be.

      I'm not sure what the cure is, I guess a pairing step similar to Bluetooth where the device also has to identify what kind of device it is. Even then half the people would just click yes to everything.

      • I'm not sure what the cure is, I guess a pairing step similar to Bluetooth where the device also has to identify what kind of device it is. Even then half the people would just click yes to everything.

        Two-step verification every time a cable is plugged in?

        • USB Type-C Authentication: https://en.wikipedia.org/wiki/... [wikipedia.org]
        • by Calydor ( 739835 )

          How would that even work against this scenario? You accept that a new cable has been plugged in because you just plugged in the new cable you bought (but got swapped without your knowledge and without you noticing). Bam, payload delivered.

          • I suppose the device can authenticate with the manufacturer, your computer being the intermediary. And then your computer knows it can trust this device. The cable can have the usual public/private key and do the usual thing. At least you mitigate some degree of risk there.

            Obviously, this is worthless in a number of common scenarios, like my computer is not fully up and running and connected to the internet. Click yes. Click yes.

            Furthermore, someone who is scavenging parts from a real deal cable from a

      • One wonders how long it has been / or will be before the cheap cables you buy (from China, or indeed elsewhere) on Amazon have malicious chips built in?

        I suspect right now the chips are such poor quality that they're literally getting "chinese whispers" rather than any real data from such cables (certainly if my recent cable-buying experience is anything to go by). But I'm sure "they" can solve that problem if they wish.

      • by AmiMoJo ( 196126 )

        It's not really the fault of the spec at all, as there is no reasonable solution on the hardware side.

        The fix is as you suggest. When you plug something like a keyboard in the OS asks if you want to activate it. Well, it asks if you already have another keyboard or mouse plugged in, otherwise you couldn't answer the question.

        It should at the very least warn you with something clear like "new KEYBOARD connected, if this isn't what you expected unplug now" with a big keyboard icon. If the user is dumb enough
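
The policy suggested in the comments above (prompt before activating a newly attached keyboard, but only when a keyboard or mouse is already present to answer the prompt), as an added example that is not code from the thread or from any operating system. The `Interface` type, `roles()`, `decide()` and both sample report descriptors are constructed for illustration; the class code and usage values are the standard USB HID ones.

```python
from dataclasses import dataclass

HID_CLASS, GENERIC_DESKTOP = 0x03, 0x01      # USB interface class; HID usage page
MOUSE, KEYBOARD, KEYPAD = 0x02, 0x06, 0x07   # usages on the Generic Desktop page

def top_level_usages(desc: bytes):
    """Walk a HID report descriptor; return (page, usage) of each top-level Application collection."""
    found, page, usage, depth, i = [], 0, 0, 0, 0
    while i < len(desc):
        prefix = desc[i]
        if prefix == 0xFE:                    # long item: 3-byte header + payload
            i += 3 + (desc[i + 1:i + 2] or b"\0")[0]
            continue
        size = (0, 1, 2, 4)[prefix & 0x03]    # short item: low two bits encode data size
        data = int.from_bytes(desc[i + 1:i + 1 + size], "little")
        tag = prefix & 0xFC
        if tag == 0x04:                       # Usage Page (global item)
            page = data
        elif tag == 0x08:                     # Usage (local item)
            usage = data
        elif tag == 0xA0:                     # Collection
            if depth == 0 and data == 0x01:   # 0x01 = Application collection
                found.append((page, usage))
            depth += 1
        elif tag == 0xC0:                     # End Collection
            depth -= 1
        if prefix & 0x0C == 0:                # main items clear local state
            usage = 0
        i += 1 + size
    return found

@dataclass
class Interface:                              # hypothetical record for one USB interface
    name: str
    usb_class: int
    report_desc: bytes = b""

def roles(intf):
    usages = top_level_usages(intf.report_desc) if intf.usb_class == HID_CLASS else []
    return {u for p, u in usages if p == GENERIC_DESKTOP}

def decide(new, attached):
    """Prompt for a new keyboard only if the user already has an input device to answer with."""
    if not roles(new) & {KEYBOARD, KEYPAD}:
        return "allow"
    can_answer = any(roles(a) & {KEYBOARD, KEYPAD, MOUSE} for a in attached)
    return "prompt" if can_answer else "allow"

KBD_DESC = bytes.fromhex("05010906a1010507 19e029e7 15002501 75019508 8102 c0")       # constructed
MOUSE_DESC = bytes.fromhex("05010902a1010901a100 0509190129031500 250195037501 8102 c0c0")  # constructed
```

The decision keys on what the device's own descriptor declares rather than on its product name, so a "cable" that enumerates with a keyboard collection is treated like any other new keyboard.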

  • From the description, this sounds like simply plugging in the cable allows remote code execution on the computer. How does that happen? Intercepting and/or injecting data I can see. But is there some standard USB driver class that allows code execution without the user having to install a supporting driver? That seems very fishy to me. The closest I can think is something emulating a keyboard and inject the keystrokes to launch whatever, but that's not quite what this sounds like. So was Apple stupid enoug
    • Possibly is there a mass storage component buried in the cable with an autorun on it?

      The cable has to be mimicking something that a PC will default recognize.

      • "The cable has to be mimicking something that a PC will default recognize."

        It is an iPhone Lightning cable, and targets Macs. FTA:

        "In the test with Motherboard, MG connected his phone to a wifi hotspot emanating out of the malicious cable in order to start messing with the target Mac itself."

        Maybe have a passing familiarity with the subject matter before offering up your "expertise"?

    • I believe it functions as a Rubber Duck and runs the commands as a type of keyboard. This method tends to be more successful as an exploit than a USB drive with autorun.

    • "Intercepting and/or injecting data I can see. But is there some standard USB driver class that allows code execution without the user having to install a supporting driver?"

      Yes. The keyboard driver. You open up a terminal and redirect the TTY output to it. (This may or may not be how it is done in this case as details are sparse.)

  • by Pow ( 107003 )

    So, I'm assuming it detects as USB HID when plugged in, drops payload via opening terminal and typing in code. That is essentially the backdoor. When done it disconnects data lines, bypassing the 8-bit microprocessor and making it a regular data cable.

    Any way to not trust USB HID devices by default in MacOS, Windows?

    • by Kaenneth ( 82978 )

      On Windows, yes, but good luck logging in to undo it if you have any issues.

      Hard reboot 3-4 times in a row without logging in or shutting down properly used to start recovery mode, where you can load your last known good config.

      • I hadn't really thought about the implications of not being able to trust the keyboard... it'd certainly be hard to deal with in a good way
    • A physical switch on the data lines.

  • The NSA was doing this ten years ago with COTTONMOUTH; while their product looks a lot more capable, it also costs $1M for 50 units; half the functionality for a tiny percentage of the price is a pretty good tradeoff.

    https://en.wikipedia.org/wiki/... [wikipedia.org]

  • A chip like this could literally be placed inside almost any device. How do you know the keyboard you already own doesn't have a chip "sleeping" inside, waiting for its master to wake it?

    A new wireless keyboard comes out. For the first year they ship them with no secret chips. People have all the time in the world to do tear-downs, inspections, reviews, etc. Once people move on and the price drops it looks more attractive. Then they start putting the chip in, and no one is the wiser. Who is going to do

  • From what I gather from the article, it poses as a keyboard and opens a terminal (shell/command prompt) using a keyboard shortcut.

        “Control + Option + Shift + T”, it will open a new Terminal window

    So basically, you can see it on the screen.. and the hacker has no way of seeing the output on the terminal.

    And if the computer is locked, there is no way this will work while you are away?

    Perhaps if the cable emulated a display, the hacker could see something.

    • by tlhIngan ( 30335 )

      Perhaps if the cable emulated a display, the hacker could see something.

      I believe there's a USB class for display devices as well... at least that's how those driverless docking stations work where you plug in a USB 3 cable and get HDMI/DisplayPort outputs as well. It's not terribly great (bad framerate) but hey.

  • Okay, I get that the cable has an embedded keyboard that the criminal can use to send commands to the computer it is plugged into. But how does a cable also have, I assume, a fixed IP address!?
    • by Pow ( 107003 )

      The cable emulates a keyboard when connected to a computer, opens a terminal, writes a small stage1 script that fetches stage2 RAT software off the Internet. Exits the terminal and closes window. It happens so fast that you'd only see a window pop up for a split second.
      The stage2 software connects to command and control servers. That's it.

      Cable has such limited functionality required that an 8-bit microchip can do that.

      The cable does not have an IP address. Implementing a functional TCP/IP stack on 8-bit AVR ch

  • I knew there was more to "Brushing" than met the eye
