Researcher showcases hijacking a computer using legitimate iPhone Lightning cable
The security researcher, nickname MG demonstrated the iPhone Lightning cable which he developed at the annual Def Con hacking conference. This malicious iPhone Lightning cable contains additional malicious components, including malicious hardware and malware payloads, which can be hijacked a computer. “It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable.”
I will be dropping #OMGCables over the next few days of defcon.
I will also have 5g bags of DemonSeed, if that’s your thing.
I’ve been very busy with @d3d0c3d & @clevernyyyy.
Details and update here: https://t.co/0vJf68nxMx
— MG (@_MG_) August 9, 2019
MG said that this iPhone Lightning cable looks like a legitimate product, can be connected to the computer and iOS devices, even the connected computer will not notice the difference. But an attacker can control the victim’s computer by controlling the data line wirelessly. MG types the IP address of the malicious iPhone Lightning cable on his own mobile browser and displays a list of options and can remotely open a terminal on the connected Mac. From here, hackers can run various tools on the victim’s computer.
This malicious iPhone Lightning cable comes with a variety of payloads, scripts, and commands that an attacker can run on the victim’s machine. Hackers can also remotely “kill” the USB implant in malicious iPhone Lightning cable to hide or destroy evidence of the attack. MG currently sells these malicious iPhone Lightning cable for $200.
The MG said that the wireless effective attack distance is 300 feet. If necessary, the hacker can use a stronger antenna to further extend the attack distance. If the wireless network has an Internet connection, the attack distance is basically unlimited. Now MG hopes to mass-produce this data line as a legitimate security tool.
Via: vice
