Keeping your iPhone and private data secure may become harder than ever with the arrival of a new O.MG cable intended for hacking that looks just like a Lighting cable. The fake cable, developed by a security researcher simply known as “MG,” comes loaded with a variety of hacking tools, including a keylogger.
The original O.MG Cables were demoed at the Def Con hacking conference in 2019. They were built by hand from regular Lightning cables, and they act just like you would expect a Lightning cable to act. They charge phones, transfer data, spur the usual prompts when plugged into a computer — and, unlike Lightning cables, allow attackers to remotely control your device.
The new cables have a variety of features and attack modes, including keylogging and keystroke injection. According to Vice, they can change keyboard mappings, forge the identity of USB devices, and create a wireless hots pot that hackers can access. A simple web app allows the hacker to record keystrokes from the victim’s device, giving them access to passwords and other sensitive information. While Vice only tried the cable at a short distance, MG claims that the cable has a range of over one mile.
This is accomplished via a chip implanted in the USB-C connector’s plastic housing. The chip takes up about half the space inside the connector, so the cable still looks and operates like an authentic cable. That precise design, combined with the ongoing chip shortage, has complicated the manufacturing process of the O.MG cables. As MG explained: “If an individual component is out of stock, it is basically impossible to find a replacement when fractions of millimeters are important.”
Even with manufacturing difficulties, O.MG Cables are now available for sale, though we won’t link to where you can buy it in the interest of security. The new cables are available in a number of variations, including Lightning to USB-C, and black cables like USB-C to USB-C for use with non-Apple products. Each one contains a keylogger variant, and the cables are packaged in ways that mimic authentic products, from the boxes down to the little cardboard wraps that secure Lightning cables.
As of now, there is no clear way to distinguish between an O.MG Cable and an authentic one. In a previous statement to Vice, an Apple spokesperson reiterated that Apple recommends using only accessories that come with the MFi badge on the item’s packaging, which shows that the accessory is certified by Apple.
This news is particularly disturbing since Apple is rolling out features with iOS 15 that include allowing you to store your driver’s license directly on your phone. A number of states have already accepted it, as has the Transportation Security Administration (TSA). Now attackers have one more tool with this new Lightning cable look-alike.
