A cybersecurity researcher has successfully found a means to mass produce an Apple iPhone charging cable lookalike that can allow a hacker to remotely access someone else's computer, reported Vice. When a victim uses the cable to connect a device to their computer — for everyday reasons like charging or transferring files — a hacker can jump onto the connection to gain access. Once the intruder has access to the computer, they can run commands and rummage through your data.
"It looks like a legitimate cable and works just like one," the creator, known as MG, said to Vice. "Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable."
The aptly named OM.G cable grants an attacker control by using the wireless network interface implanted within it. The prototype cables were able to connect to devices from 300 feet away; however, as long as there's an internet connection nearby, that range can extend indefinitely. The cable is purposefully malicious, meant to serve as a tool for researchers and industry specialists to experiment with ways someone could break into a computer (or even a voting machine).
Nefarious as it all sounds, devices and creations like these are the driving force behind security improvements. While researchers who look into cyber attacks make up one half of the information security (infosec) community, the other half is made up of defenders. Creations like the OM.G cable help the defenders learn new ways to improve security and educate consumers on safe security practices.
Devices like this can also spur companies to develop better safety measures and release security-related patches. Sometimes, companies don't bother taking the time to fix these holes until someone has made their vulnerabilities public. Or until it's too late.
Creating cables that can break into Apple devices is like throwing yourself at the highest difficulty level of an obstacle. Being successful at hacking it is both good and bad news — good because it's an accomplishment for the researcher, but bad because it probably means it's possible for others to do the same to other, less secure, cables.
"Apple cables are simply the most difficult to do this to," MG noted to Vice, "so if I can successfully implant one of these, then I can usually do it to other cables."
Once the cable is available for sale to the public, after programming and testing, its use will depend on the person. On Twitter, other members of the cybersecurity community have pushed for consumer awareness as the first line of defense. Because, despite how much they market user privacy and protection, big companies will still hesitate to admit they have a security problem first.
One of the best ways to protect yourself from these kinds of hacks would be to avoid walking right into it — don't use USB cables lying around in public areas and try to use company-approved peripherals. Other third-party accessories, especially from unknown manufacturers, might be cheaper, but they could come with a substantial security risk like this cable.