Warning Apple iPhone: The New and Dangerous Lightning Cable on Sale Now - Forbes

OnlyPhoto by Getty Images

Another weekend reminder of the dangers of borrowing USB cables was announced this weekend. A flash cable for the iPhone, with the connected devices can be hacked remotely, is already on the market. The OMG cable, which looks and behaves like an Apple cable every day, has a notable impact on Def Con in August. Now he is prepared for "mass production".

Although it works normally: The phones are loaded, iTunes is opened, the usual dialog boxes are displayed: The OMG cable contains a sophisticated wireless implant that can be accessed by an attacker nearby. The transparency of this project is interesting: a capacity that is normally maintained within security agencies or in the dark Internet behind closed doors. As such, it effectively warns users of the risk of using cables or accessories from sources other than trusted.

OMG cables are sold to Hak5 for around $ 100 . The website describes the product as "a very concealed male USB cable: Once the cable is connected, it can be controlled via the cable's wireless network interface". In Def Con, cable developer Mike Grover (MG) said he could access a device at a maximum distance of 300 feet near Wi-Fi, "the removal would be unlimited.

Hak5 says you can use the cable to create, record and transfer new payloads remotely. The cable was designed for Red Teams with features such as extra startup loads without USB enumeration, running the content, and the ability to clear the forensic firmware so that the cable gets completely in a harmless state. And these are just the features so far revealed. "

USB cable adjustments in the aftermarket are not an isolated case. Security programs often display dangerous charging cables to access smart devices. Here is the target of the computer to which the cable is connected, but the principle is the same. The OMG cable is portrayed as a skill for the good, but it has scary effects. Cords supplied as giveaway, which are provided by hotels or lounges of airports, taxis or airlines, are exchanged ... the possibilities are endless.

"The USB police will intercept me," MG joked on Twitter before warning, "Apple is already the hardest, they're the only ones doing a lot." The other types of cables are much easier to remove. "

MG developed the OMG cable as a "personal learning project" before it became a large-scale development project. And it is precisely this development of the production-ready prototype that takes time. Intel agencies around the world specialize in post-market customization of original equipment to ensure their approval and avoid suspicion. The high availability of this type of capacity raises serious questions for manufacturers and the security community.

In terms of security, it was a difficult year for Apple. Several articles about product piracy and iOS exploits have undermined the company's reputation as the most secure mass-market device manufacturer. The OMG cable does not help.

MG told me that the cables "will be available wherever Hak5 sells its tools," and when I asked about the safety of such sales, I was assured that the website has "a well-established method" for selling Pentest - Manage hardware as follows "."

Regarding fears that his technology will be abused, MG said that people should be more aware than worried. "And awareness is exactly what it's all about, which also leads to an increase in defenses. Harmful cables have been around for more than a decade," he said, "but people just did not notice."

MG told me that I have something else with "deadly hardware functionality" in mind. If the OMG cable has anything to do, I can not wait to see it.