A well-meaning hacker has devised a way to control a person’s smartphone – through their charging cable.
The unnamed person, who works at Verizon Media and goes by the Twitter handle @_MG_, created the tool to highlight outstanding security risks surrounding modern technology.
To do this, he took a standard Apple USB Lightning cable and rigged it with a small, almost invisible Wi-Fi-enabled implant.
This allows other parties to access the said device and, potentially, wreak havoc by sending phishing pages to the victim’s screen.
‘It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable,’ the security researcher told Vice.
‘It’s like being able to sit at the keyboard and mouse of the victim but without actually being there.’
He unveiled his project at the annual Def Con hacking conference in Las Vegas, Nevada, earlier this month – explaining that he spent thousands of dollars in the process, with each doctored cable taking four hours to make.
Although this exercise was focused on an Apple product, ‘MG’ warns that Wi-Fi-enabled implants are small enough to be used in accessories issued from other virtually every other smartphone brand.
‘This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types,’ he told TechCrunch.
‘Apple just happens to be the most difficult to implant, so it was a good proof of capabilities.’
OMG! 2 months + 8 devs + O•MG Cable = malicious wireless implant update!
This update brought to you by the chaos workshop elves: @d3d0c3d, @pry0cc, @clevernyyyy, @JoelSernaMoreno, @evanbooth, @noncetonic, @cnlohr, @RoganDawes
More info: https://t.co/kkhUppsqiC#OMGCable pic.twitter.com/fIzOaKJSxL
As a result, he hopes that people will be more careful in using charging cables.
‘Suddenly we now have victim-deployed hardware that may not be noticed for much longer periods of time,’ he added.
‘This changes how you think about defense tactics. We have seen that the NSA has had similar capabilities for over a decade, but it isn’t really in most people’s threat models because it isn’t seen as common enough.’
‘Most people know not to plug in random flash drives these days, but they aren’t expecting a cable to be a threat,’ he said. ‘So this helps drive home education that goes deeper.’