Soon it may be easier to get your hands on a cable that looks just like a legitimate Apple lightning cable, but which actually lets you remotely take over a computer. The security researcher behind the recently developed tool announced over the weekend that the cable has been successfully made in a factory.
"I’ve completely torn the cable apart to make sure there aren’t any production stoppers. Gotta make sure it’s up to par!," the security researcher MG told Motherboard in an online chat.
MG is the creator of the O.MG Cable. It charges phones and transfers data in the same way an Apple cable does, but it also contains a wireless hotspot that a hacker can connect to. Once they've done that, a hacker can run commands on the computer, potentially rummaging through a victim's files, for instance.
After demoing the cable for Motherboard at the Def Con hacking conference this summer, MG said "It’s like being able to sit at the keyboard and mouse of the victim but without actually being there."
At the time, MG was selling the handmade cables at the conference for $200 each. Now that production process has been streamlined.
"I’m just being super transparent about the process," MG told Motherboard. "[Mostly] everyone who manufactures something is going to keep it quiet up until release day when they unveil the entire thing and it’s ready for sale or they at least have a sale date."
This doesn't necessarily mean that factories are churning out O.MG Cables right now, but it shows that their manufacture can be fully outsourced, and MG doesn't have to make the cables by hand.
Know of any other interesting hacking hardware? We'd love to hear from you. You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on firstname.lastname@example.org, or email email@example.com.
Hak5, a company that sells hacking and cybersecurity tools, will be distributing the product once it's ready. The listing for the cable on the Hak5 website reads, "The O.MG Cable™ is the result of months of work that has resulted in a highly covert malicious USB cable. As soon as the cable is plugged in, it can be controlled through the wireless network interface that lives inside the cable."
"The first batch of production samples are confidence inspiring. We're balancing a number of factors in getting these mischief gadgets produced—and I think everyone is going to be excited by the finished products," Darren Kitchen, founder of Hak5, wrote in an email. "The production process has been pretty straightforward, given our experience making pentest [penetration testing] implants. The high energy MG and his team bring has colored every aspect of the project, and his attention to detail is paying off."
MG said they have never mass produced anything before.
"This was my first time doing any of it so I don’t have a good reference point," he said. "But learning how to do that was a lot easier than learning how to create the final prototypes. Most of it is the long wait times for each 'spin' to happen. But having Hak5 help me connect the dots has been a big help because there really isn’t much information on how to do it otherwise." MG added they still need to program and QA test the cables.
An Apple spokesperson pointed to the first sentence in the company's "Identify counterfeit or uncertified Lightning connector accessories" support page. That sentence reads, "Apple recommends using only accessories that Apple has certified and that come with the MFi badge." The MFi badge on the item's packaging shows the cable is certified by Apple.
Subscribe to our new cybersecurity podcast, CYBER.